Home    News Archive    Translate Traducen
News December 2007
29 December 2007

Guides, Papers, etc
gyaku.jp
Regulating the Japanese cyberspace, one step at a time. Read more

blogs.securiteam.com
When fixing is not enough. Read more

sunbeltblog.blogspot.com
Dog's breakfast continues on Blogger. Read more

sunbeltblog.blogspot.com
Security and Software as a Service (SaaS). Read more

sunbeltblog.blogspot.com
New fake codec site -- Windows and Mac -- codecult... Read more

ddanchev.blogspot.com
The New Media Malware Gang - Part Two. Read more

ddanchev.blogspot.com
Riders on the Storm Worm. Read more

www.pcworld.idg.com.au
The 2007 security hall of shame. Read more

www.viruslist.com
Calling the hyve. Read more

www.esecurityplanet.com
Ranetif Worm Opens Back Door, Infects Files. Read more

www.cisrt.org
New-Year2008-imgaes.zip & Happy2008.zip. Read more

blogs.zdnet.com
Erosion of privacy is a corporate strategy. Read more

www.viruslist.com
Coordinated distributions method for tracking botnets sending out spam. Read more

www.eweek.com
Inside a Modern Malware Distribution System. Read more

www.enterprisenetworkingplanet.com
Secure Your WLAN With Aircrack-ng. Read more

www.wi-fiplanet.com
How to Choose the Best WRT54G Router for You. Read more

www.dailydomainer.com
Who Is Really Monitoring Your Domain Searches? Read more

img.domaintools.com
SSAC Advisory on Domain Name Front Running. Read more

msmvps.com
Disabling DNS dynamic updates. Read more

www.arbornetworks.com
Audio. eBizQ Security Podcast: The Ever-More Deadly Evolution of Malicious Software. Listen

www.arbornetworks.com
Audio. Security Bites Podcast: FBI cracks down on bot herders. Listen

www.arbornetworks.com
Audio. How Botnets Are Lo-bot-omizing Your PC. Listen

www.arbornetworks.com
Audio. The Rise of For-Profit Botnets. Listen

 

Vulnerabilities & Exploits
aluigi.altervista.org
CoolPlayer. buffer-overflow in CPLI_ReadTag_OGG. Read more

aviv.raffon.net
Google Toolbar Dialog Spoofing Vulnerability. Read more

securitytracker.com
Joomla! Input Validation Hole Permits Cross-Site Request Forgery Attacks. Read more

 

Tools:
utilitymill.com
Exe_Dump_Utility. Read more

 

News
www.securityfocus.com
Microsoft offers peek into "juicy" flaw details. Read more

www.theregister.co.uk
Bhutto murder used to spread malware. Read more

arstechnica.com
Trojan capitalizes on Bhutto assassination in under 24 hours. Read more

www.darkreading.com
US-Based Chinese News Site Gets DDOSed. Read more

techdirt.com
Microsoft Seeks Patent On Monitoring Employees' Brains. Read more

www.washingtonpost.com
Dog Owner Takes On China's Web Censors. Read more

arstechnica.com
Nokia 4G wireless tech hits 173Mbps in real-world test. Read more

28 December 2007

Guides, Papers, etc
www.securityfocus.com
Fake codecs continue to plague searches. Read more

www.eweek.com
Instability and Modern Anti-Virus Software. Read more

www.chron.com
Hackers may threaten economy. Read more

blogs.technet.com
MS07-063 - The case of the insecure signature. Read more

blogs.technet.com
MS07-065 - The case of the significant suffix. Read more

sunbeltblog.blogspot.com
New rogue antispyware variant. Read more

sunbeltblog.blogspot.com
Fake codecs on Blogger. Read more

sunbeltblog.blogspot.com
List of deceptive music sites. Read more

sunbeltblog.blogspot.com
Shutterbugging it on Christmas Eve. Read more

sunbeltblog.blogspot.com
Malware gangs gettin' busy with holiday love. Read more

ddanchev.blogspot.com
Spreading Malware Around the Christmas Tree. Read more

rbnexploit.blogspot.com
RBN – New and Improved Storm Botnet for 2008. Read more

www.cisrt.org
Benazir Bhutto Assassination. Read more

www.cisrt.org
Warezov.xa, New Year E-card. Read more

erratasec.blogspot.com
MSN messenger built-in AV. Read more

blog.trendmicro.com
Bhutto Assassination: JavaScripted. Read more

www.symantec.com
Assassination Fascination. Read more

www.avertlabs.com
Benazir Bhutto Assassination: New Avenue for Spreading Malware. Read more

www.avertlabs.com
On the path to cross platform exploits. Read more

www.avertlabs.com
Morphing (Your Own) Documents into 2008. Read more

www.eweek.com
Where Does TJX Lie on the Naughty-Nice Line? Read more

blogs.zdnet.com
Vista deactivates me for upgrading motherboard firmware. Read more

www.darkreading.com
Security's Biggest Train Wrecks of 2007. Read more

www.darkreading.com
Storm Darkens Christmas, Takes Aim at New Year's. Read more

www.technewsworld.com
Google Kerfuffle Leaves Bloggers' Feathers Ruffled. Read more

aolradio.podcast.aol.com
Audio. Security Now 124: Listener Questions 31. Listen

 

Vulnerabilities & Exploits
securitytracker.com
Novell Identity Manager 'asampsp' Process Can Be Crashed By Remote Users. Read more

securitytracker.com
AOL YGP Picture Editor Buffer Overflows Let Remote Users Deny Service. Read more

securitytracker.com
ZyXEL Wireless Router Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com
Storm Worm offers coal for Christmas. Read more

www.theregister.co.uk
New Year's Eve greetings disguise Storm Worm attacks. Read more

www.boston.com
US cites threats to businesses abroad. Read more

www.infoworld.com
Microsoft sues domain name registrar for typosquatting. Read more

www.latimes.com
EBay goes far to fight fraud -- all the way to Romania. Read more

www.computerworld.com
Microsoft's Windows Home Server corrupts files. Read more

www.dailynews.com
Porn industry frets over security breach. Read more

www.theregister.co.uk
Man uses mobe as modem, rings up £27k phone bill. Read more

news.bbc.co.uk
Police data details found at dump. Read more

www.theregister.co.uk
German police hunt 12,000 strong child abuse ring. Read more

www.theregister.co.uk
Gmail exploit aids domain hijack. Read more

25 December 2007

Guides, Papers, etc
www.f-secure.com
It's a Stormy Christmas Eve..Read more

www.f-secure.com
No Storm This Christmas. Read more

www.disog.org
The silent Storm and Javascript Decoding. Read more

blog.trendmicro.com
Here comes Storm again. Read more

ddanchev.blogspot.com
Spreading Malware Around the Christmas Tree. Read more

ddanchev.blogspot.com
Pinch Variant Embedded Within RussianNews.ru. Read more

www.cisrt.org
Zhelatin.pd, stripshow.exe. Read more

www.cisrt.org
Zhelatin.pe, Christmas Greeting Ecards. Read more

www.cisrt.org
Spams with Hard.zip. Read more

isc.sans.org
A Christmas Packet Challenge. Read more

isc.sans.org
Anticipated Storm-Bot Attack Begins. Read more

isc.sans.org
Getting a web browser without a web browser? Read more

www.symantec.com
Is Trojan.Zlob Getting Honest? Naaahh...Read more

www.microsoft.com
Island Hopping: The Infectious Allure of Vendor Swag. Read more

blogs.securiteam.com
From description to exploit. Read more

www.roughlydrafted.com
Vista vs Mac OS X Security: Why George Ou’s ZDNet Vulnerability Numerology is Absurd. Read more

arstechnica.com
Report: antivirus applications getting weaker over time. Read more

www.openrce.org
RDP Botnets : Malware Google Dorking - Not an Easy Task. Read more

www.vnunet.com
2007 Roundup: The march of the botnets. Read more

www.theregister.co.uk
Vista sets 2007 land-speed record for copying and deleting. Read more

www.viruslist.com
Coordinated distributions method for tracking botnets sending out spam. Read more

www.secniche.org
Google Metacharacter [*] Spamdexing Bug. Read more

rbnexploit.blogspot.com
RBN – $$$ - the retail payment systems. Read more

www.secniche.org
Real Time Hacking : ISA Server. Read more

www.ics.forth.gr
Detecting Targeted Attacks Using Shadow Honeypots. Read more

www.secniche.org
Detecting Vmwares Remotely. Read more

podcasts.mcafee.com
Audio. McAfee's AudioParasitics Episode 24. Virtual Criminology. Listen

podcasts.sophos.com
Audio. Surfing the pump-and-dump wave. Listen

 

Vulnerabilities & Exploits
Adobe Flash Content May Permit Cross-Site Scripting Attacks. Read more

 

News
www.icwt.us
Tens of Thousands of Adult Website Records Compromised. Read more

economictimes.indiatimes.com
Cyber crime wing arrests 12-member hacker gang in Bangalore. Read more

22 December 2007

Guides, Papers, etc
blogs.securiteam.com
Cryptome: NSA has real-time access to Hushmail servers. Read more

www.news.com
Security firms on police spyware, in their own words. Read more

www.viruslist.com
The darker side of online virus scanners. Read more

blogs.securiteam.com
New Security Threats & Solutions. Read more

blogs.securiteam.com
‘Tis the season. Read more

ddanchev.blogspot.com
ClubHack 2007 - Papers and Presentations. Read more

ddanchev.blogspot.com
Russia's FSB vs Cybercrime. Read more

www.websense.com
ARP spoofing HTTP infection malware. Read more

www.avertlabs.com
Rootkits in China Part 1. Read more

winnow.oitc.com
Antivirus Performance. Read more

www.f-secure.com
Pinch Malware Authors Busted. Read more

www.f-secure.com
Arrested Mules. Read more

www.darkreading.com
Tech Insight: Microsoft's IPSec. Read more

www.darkreading.com
Your Customer: The New Insider Threat. Read more

seattletimes.nwsource.com
Anti-virus program, ISP limits may cause computer's timeout. Read more

www.securityfocus.com
Real Flaws in Virtual Worlds. Read more

www.itbusinessedge.com
Security Staffs Must Beware as Hackers Knock on the Backdoor. Read more

www.microsoft-watch.com
IE 8 and the New Browser War. Read more

www.infoworld.com
A side of hash. Readmore

www.informit.com
Social, Legal, and Ethical Issues in Computing: Errors, Failures, and Risk. Read more

www.disog.org
The silent Storm and Javascript Decoding. Read more

www.0x000000.com
Why Signature Detection Fails. Read more

msmvps.com
Acid2 fisticuffs (yes, I am joking) ;o) Read more

www.vitalsecurity.org
Reaction to yesterday's takedown. Read more

www.courttv.com
Upcoming on CourtTV. Tuesday, December 25 at 11 and 11:30pm E/P. This vérité action series follows Tiger Team – a group of elite professionals hired to infiltrate major business and corporate interests with the objective of exposing weaknesses in the world’s most sophisticated security systems, defeating criminals at their own game. Read more

 

Vulnerabilities & Exploits
securitytracker.com
IBM Content Manager for z/OS Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
IBM Domino Web Access 'dwa7w.dll' ActiveX Control Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
autofs Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com
HP-UX rpc.yppasswdd Bug Lets Remote Users Deny Service. Read more

securitytracker.com
HP Tru64 File-on-File Mounting File System Bug Lets Local Users Deny Service. Read more

securitytracker.com
Ingres Database Grants Remote Users Access to the Database with the Incorrect Privileges. Read more

securitytracker.com
HP Software Update ActiveX Control Has Unsafe Method That Lets Remote Users Damage Files or Execute Arbitrary Code. Read more

securitytracker.com
Citrix Web Interface Input Validation Hole in Online Help Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
Opera Bugs Permit Code Execution and Cross-Domain Scripting Attacks. Read more

securitytracker.com
libexif Infinite Recursion Bug Permits Denial of Service Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Cisco Firewall Service Module Application Inspection Bug Lets Remote Users Deny Service. Read more

 

News
www.theregister.co.uk
Serious Flash vulns menace tens of thousands websites. Read more

www.theregister.co.uk
Click here to turn your HP laptop into a brick. Read more

www.theregister.co.uk
Russian Feds close in on Pinch Trojan authors. Read more

www.channelregister.co.uk
Kaspersky false alarm quarantines Windows Explorer. Read more

www.channelregister.co.uk
Anti-virus protection gets worse. Read more

www.theregister.co.uk
Skipton in lost laptop security woes. Read more

www.theregister.co.uk
Ad hijacking Trojan targets Google. Read more

news.zdnet.co.uk
Google 'powerless' to stop AdSense theft. Read more

www.news.comRead more

www.smh.com.au
Police raid penis enlargement spammer. Read more

www.computerworld.com
Apple files patent for WGA-style anti-piracy tech. Read more

21 December 2007

Guides, Papers, etc
enews.penton.com
Malware Evolves to Bypass Common Controls. Read more

www.marrowbones.com
Orkut Worm Code (and why was Google so slow to respond?). Read more

ddanchev.blogspot.com
Inshallahshaheed - Come Out, Come Out Wherever You Are. Read more

ddanchev.blogspot.com
Pushdo - Web Based Malware as Usual. Read more

www.cisrt.org
Google/Orkut Worm Outbreak. Read more

blog.wslabi.com
Focus On: MySQL remote code execution. Read more

www.vitalsecurity.org
Stock Trading Spam Hits Flickr. Read more

www.darkreading.com
Hacking a New DNS Attack. Read more

www.f-secure.com
Red Cross money mule recruitment. Read more

blogs.technet.com
MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue. Read more

support.microsoft.com
Internet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2. Read more

www.eweek.com
Your Spammer May Be a Victim, Too. Read more

isc.sans.org
Adobe Flash Player and GoLive security updates. Read more

isc.sans.org
Got a HP laptop and running windows? Time to patch! Read more

www.darkreading.com
Pen Testing Goes Reality TV. Read more

www.darkreading.com
Putting Up Your Cyber Defenses. Read more

www.darkreading.com
Navigating the 'C' of Network Discovery. Read more

swatrant.blogspot.com
Zlob fake codecs in Google Groups. Read more

blog.trendmicro.com
Google Toolbar: Beware of Buttons. Read more

rbnexploit.blogspot.com
RBN – $$$ - the retail payment systems. Read more

ha.ckers.org
Google Spamming Us. Read more

blogs.securiteam.com
beThere backdoor still there. Read more

anti-virus-rants.blogspot.com
when is a botnet not a botnet? Read more

badmalweb.com
Rebecca the Webmaster - BadWare Case Study. Read more

www.podtrac.com
Audio. Security Now 123: JungleDisk. Listen

 

Vulnerabilities & Exploits
securitytracker.com
Sun Management Center (SunMC) Lets Remote Users Access the Database. Read more

securitytracker.com
Sun Ray Device Manager Daemon Lets Remote Users Create/Delete Directories and Deny Service. Read more

securitytracker.com
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code, Scan Ports, and Conduct HTTP Request Splitting and Cross-Site Scripting Attacks. Read more

securitytracker.com
Clam AntiVirus Integer Overflow in Processing MEW Packed Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Asterisk Lets Remote Users Bypass Host-based Access Controls in Certain Cases. Read more

 

Tools:
blogs.zdnet.com
First Look at Firefox 3.0 Beta 2. Read more

www.computerworld.com
Plexiglas-like DVD to hold 1TB of data. Read more

www.gnucitizen.org
General Purpose Fuzzer.py. Read more

 

News
www.channelregister.co.uk
Portuguese-speaking worm attacks Google Orkut users. Read more

www.viruslist.com
Pinch authors pinched. Read more

www.channelregister.co.uk
Dutch arrest 14 mules in ABN AMRO scam. Read more

www.channelregister.co.uk
Indonesian hacker touches souls by bringing down police website. Read more

www.computerworld.com
'Bricking' bug threatens most HP, Compaq laptops. Read more

news.zdnet.co.uk
Veracode tool scans for developer backdoors. Read more

www.channelregister.co.uk
Microsoft spits out final XP service pack, beta version. Read more

www.news.com
Warning sounded over 'flirting robots'. Read more

19 December 2007

Guides, Papers, etc
www.wired.com
The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online. Read more

www.secureworks.com
Pushdo - Analysis of a Modern Malware Distribution System. Read more

www.eweek.com
Closing a Hole in AV Software Testing. Read more

www.cs.utexas.edu
How To Break Anonymity of the Netflix Prize Dataset. Read more

ddanchev.blogspot.com
209.1 Host Locked. Read more

ddanchev.blogspot.com
Cyber Jihadist Hacking Teams. Read more

www.youtube.com
Video. Phishing Demo - Rock Phish Kit. Watch

sunbeltblog.blogspot.com
Another security company succumbs to temptation. Read more

www.f-secure.com
Happy New Year... .exe? Read more

isc.sans.org
Apple Security Update 2007-009. read more

msmvps.com
Malicious banner adverts .. they haven't gone away. Read more

www.0x000000.com
DollarRevenue Fined For 1M Euro. Read more

www.wired.com
Dec. 18, 1987: Perl Simplifies the Labyrinth That Is Programming Language. Read more

 

Vulnerabilities & Exploits
www.cisrt.org
HP Info Center HPInfoDLL.dll ActiveX Control Vulnerability. Read more

securitytracker.com
iChat Lets Remote Users on the Local Network Initiate Unauthorized Video Chats. Read more

securitytracker.com
Safari SubFrame Navigation and RSS Feed URL Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code. Read more

securitytracker.com
Apple Mail May Use Plaintext Authentication When SMTP Authentication is Selected. Read more

securitytracker.com
Mac OS X Multiple Bugs Permit Remote Code Execution, Local Privilege Escalation, Cross-Site Scripting Attacks, and Information Disclosure. Read more

securitytracker.com
Syslog-ng Timestamp NULL Pointer Dereference Bug Lets Remote Users Deny Service. Read more

securitytracker.com
Net::DNS Bug in Processing DNS Response Packets Lets Remote Users Deny Service. Read more

securitytracker.com
Scponly May Let Remote Authenticated Users Execute Arbitrary Commands. Read more

 

News
www.theregister.co.uk
MS to bundle 'broken' random number tool in Vista SP1. Read more

www.darkreading.com
New Service Detects Backdoors in Software. Read more

www.theregister.co.uk
Dutch regulator slaps spyware purveyors with €1m fine. Read more

www.pcworld.com
Microsoft Lets Everyone Try Windows XP SP3. Read more

www.gartner.com
Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks. Read more

www.computerworld.com
Update: Bugs in IE, Gmail allow hackers to hijack public PCs, researchers say. Read more

17 December 2007

Guides, Papers, etc
papers.ssrn.com
The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident. Read more

www.time.com
Enemies at The Firewall. Read more

resources.zdnet.co.uk
Cracking open the cybercrime economy. Read more

www.hackosis.com
Concept: Security by Deception with Emulation. Read more

www.f-secure.com
Fake Adult Friend Finder Greeting Cards. Read more

isc.sans.org
Responding to a file-parsing application attack. Read more

www.cisrt.org
Card from Adult Sex Finder? Read more

sunbeltblog.blogspot.com
Another DNSChanger codec variant to stay away from - codecnice. Read more

sunbeltblog.blogspot.com
This is not cool. Read more

blog.trendmicro.com
Hackers Eye .MDB. Read more

ddanchev.blogspot.com
Cached Malware Embedded Sites. Read more

ddanchev.blogspot.com
Have Your Malware In a Timely Fashion. Read more

ddanchev.blogspot.com
Combating Unrestricted Warfare. Read more

www.eweek.com
DNSSEC Is Dead, Stick a Fork in It. Read more

aolradio.podcast.aol.com
Audio. Security Now 122: Listener Feedback #30. Liten

craphound.com
Audio. The Hacker Crackdown Read more

 

Vulnerabilities & Exploits
securitytracker.com
Solaris NFS Kernel Bug Lets Remote Authenticated Users Gain Privileged Access in Certain Cases. Read more

securitytracker.com
Novell GroupWise Stack Overflow in Processing IMG SRC Tag Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Juniper JUNOS BGP and IPv6 Bugs Let Remote Users Deny Service. Read more

securitytracker.com
QuickTime QTL File and Flash Media Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
HP-UX DCE Lets Remote Users Deny Service. Read more

securitytracker.com
Gentoo Portage May Disclose Information to Local Users. Read more

 

Tools:
www.owasp.org
SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Read more

www.computec.ch
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. Read more

xenion.antifork.org
The Cookie Tools 0.3. Read more

sourceforge.net
EchoVNC is a secure, "firewall-friendly" remote-desktop tool with support for VNC, Remote Desktop, and RAdmin servers and viewers. Read more

 

News
www.securityfocus.com
Apple patches flaws in QuickTime. Read more

www.theregister.co.uk
Apple keeps critical security fixes to itself. Read more

www.theregister.co.uk
Botnets linked to political hacking in Russia. Read more

www.techcrunch.com
Facebook Sues Porn Company Over Hacking Attempt. Read more

mcwresearch.com
Top US Military Labs pwned by spear phishing. Read more

www.stuff.co.nz
Banks confident of consensus on Internet code. Read more

www.spaminspector.org
Cyber police arrest kingpin and 11 others of a hacking gang. Read more

news.zdnet.co.uk
Google develops Wikipedia rival. Read more

www.securecomputing.net.au
Australia-wide online child predator network dismantled. Read more

www.spaminspector.org
TN man held for hacking bank accounts. Read more

www.wired.com
Hans Reiser Murder Trial Zeros in on Odd Behavior. Read more

66.225.202.210
RIAA versus Grandma, Part II: the showdown that wasn't. Read more

14 December 2007

Guides, Papers, etc
isc.sans.org
SquirrelMail package compromise. Read more

isc.sans.org
Important upgrade for Juniper routers. Read more

isc.sans.org
QuickTime 7.3.1 released addresses RTSP vulnerability. Read more

www.joelesler.net
Quicktime 7.3.1 Update is out. Read more

isc.sans.org
A day in the life of a firewall log. Read more

www.f-secure.com
Turkish Defacement. Read more

www.f-secure.com
Warezov Continues. Read more

msmvps.com
I want my 4 hours damn it!!! Read more

msmvps.com
An Internet Explorer Automatic Component Activation (IE ACA) Update Preview is available. Read more

www.avertlabs.com
No more W32/Voterai.worm? Read more

www.cisrt.org
Christmas Day Coming, Malwares Coming. Read more

ddanchev.blogspot.com
Combating Unrestricted Warfare. Read more

ddanchev.blogspot.com
Phishing Metamorphosis in 2007 - Trends and Developments. Read more

www.darkreading.com
Spam Reaching Record Volumes, Researchers Say. Read more

www.securityfocus.com
Survey: Privacy breaches rampant in corporations. Read more

lauren.vortex.com
Fears of ISP "Man in the Middle" Security Attacks. Read more

www.smh.com.au
The hunt for Russia's web crims. Read more

www.smh.com.au
Internet hijackers pull the money. Read more

www.smh.com.au
Is internet banking safe? Read more

www.smh.com.au
In the world of emails, junk rules. Read more

weblog.infoworld.com
Don't be a phishing vigilante. Read more

www.gcn.com
NIST working on new method for finding software bugs. Read more

www.codinghorror.com
Has CAPTCHA Been "Broken"? Read more

www.0x000000.com
Hacking 27Mhz Wireless Keyboards. Read more

www.ipetitions.com
Banning Bots in AIM Chat Rooms. Read more

 

Vulnerabilities & Exploits
securitytracker.com
Symantec Mail Security Buffer Overflows in Processing Lotus 1-2-3 Attachments Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Kerio WinRoute Firewall May Let Remote Users Bypass Authentication. Read more

securitytracker.com
Websense Enterprise Lets Remote Users Bypass Web Filtering With Modified User-Agent Values. Read more

securitytracker.com
Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
WebLogic Mobility Server Image Converter Lets Remote Users Access Resources. Read more

securitytracker.com
Red Hat autofs Lets Local Users Gain Root Privileges. Read more

securitytracker.com
HP Info Center 'HPInfoDLL.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service. Read more

securitytracker.com
MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com
MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com
Trend Micro Antivirus Format String Bug in Processing UUE Files Lets Remote Users Deny Service. Read more

 

Tools:
www.pcw.co.uk
AVG Anti-Virus Free 7.5.503a1224. Read more

 

News
www.securityfocus.com
Microsoft patches DirectX, Internet Explorer. Read more

www.theregister.co.uk
Update glitch derails Kaspersky. Read more

www.theregister.co.uk
Privacy storm descends on Dutch health care database. Read more

www.computerworlduk.com
One in five PCs infected with silent rootkits. Read more

www.computerworlduk.com
Botnet-controlled Trojan robbing UK online bank customers. Read more

www.businessweek.com
Hackers Likely to Target Chinese Users in 2008. Read more

news.findlaw.com
Polish police detain 29 suspected of spreading child pornography. Read more

blog.wired.com
Witnesses: Hans Reiser Acting Strange After Wife Went Missing -- Update. Read more

www.switched.com
Amazon Kindle Hacked, Leading to More E-Books for Readers. Read more

12 December 2007

Guides, Papers, etc
www.securityfocus.com
The Man in the Machine. Read more

www.securityfocus.com
Copyrights and Wrongs. Read more

www.computerweekly.com
Web 2.0 creates ‘Trojan 2.0’ threat. Read more

www.f-secure.com
Year-End Updates from Microsoft. Read more

support.microsoft.com
An update that improves the performance, responsiveness, and reliability of Windows Vista is available. Read more

www.f-secure.com
Security Advisories. Read more

f-secure.goodmood.net
Video. Data Security Summary - July to December 2007. Watch

isc.sans.org
December black tuesday overview. Read more

isc.sans.org
How to stop javascript from websites infecting clients. Read more

sunbeltblog.blogspot.com
New Zlob site: abcdperformance. Read more

sunbeltblog.blogspot.com
New fake codec website -- Windows and Mac -- codec... Read more

sunbeltblog.blogspot.com
Sunbelt Sandbox fun. Read more

sunbeltblog.blogspot.com
Good customer service. Read

sunbeltblog.blogspot.com
New fake codec trojan variant -- Windows and Mac -- codechard. Read more

sunbeltblog.blogspot.com
AFF porn spam continues unabated despite FTC settlement. Read more

sunbeltblog.blogspot.com
Adult Friend Finder settles. Read more

sunbeltblog.blogspot.com
Some additional commentary about the Antimalware T... Read more

sunbeltblog.blogspot.com
New rogue antispyware variants. Read more

www.disog.org
Sandboxing and CSA Advisory. Read more

www.disog.org
QuickTime and RealPlayer Exploits. Read more

blogs.securiteam.com
Fuzzing is not just buffer overflows. Read more

lauren.vortex.com
Toward Pervasive Internet Encryption: Unshackling the Self-Signed Certificate. Read more

lauren.vortex.com
http: Must Die! (and The Encryption Solution). Read more

ha.ckers.org
Exaggerating Timing Attack Results Via GET Flooding. Read more

www.darkreading.com
AV Gets a Facelift. Read more

www.darkreading.com
Real Data in App Testing Poses Real Risks. Read more

www.schneier.com
Security in Ten Years. Read more

ddanchev.blogspot.com
Update on the MySpace Phishing Campaign. Read more

ddanchev.blogspot.com
Inside the Chinese Underground Economy. Read more

ddanchev.blogspot.com
Phishers, Spammers, and Malware Authors Clearly Co... Read more

ddanchev.blogspot.com
The Shark Malware - New Version's Coming. Read more

www.eweek.com
Browser Insecurity Wars Still Rage. Read more

www.eweek.com
Your PC Is Vulnerable Without Browser Protection. Read more

www.eweek.com
How Not to Engender Confidence in Your Customers. Read more

www.computerworld.com
How dangerous user behavior puts networks at risk. Read more

www.computerworld.com
The 2007 Security Hall of Shame. Read more

aolradio.podcast.aol.com
Audio. Security Now 121: Is Privacy Dead? Listen

www.cs.ucsb.edu
The 2007 UCSB International Capture The Flag. Read more

 

Vulnerabilities & Exploits
securitytracker.com
Microsoft Internet Explorer Object Access Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Message Queuing (MSMQ) Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Windows Vista Kernel ALPC Validation Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com
Windows Media Format Runtime ASF File Parsing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft DirectX Bugs in Parsing SAMI, WAV, and AVI Files Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Windows Vista Server Message Block v2 Signature Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
WordPress Input Validation Flaw in Search Function Lets Remote Users Inject SQL Commands. Read more

securitytracker.com
IBM AIX Has Multiple Security Bugs With Unspecified Impact. Read more

securitytracker.com
Websense Input Validation Hole in 'username' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
Samba Buffer Overflow in nmbd send_mailslot() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Windows Media Player Stack Overflow in 3ivx Codec Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Skype Memory Corruption Error in 'skype4com' URI Handler Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
QuickTime Unspecified Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Novell NetMail Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
IBM Hardware Management Console HMC Commands Let Users Gain Elevated Privileges. Read more

securitytracker.com
MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information. Read more

securitytracker.com
Cisco 7940 IP Phone Can Be Crashed By Remote Users Sending a Sequence of SIP INVITE Requests. Read more

securitytracker.com
teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files. Read more

Heimdal Kerberos Uninitialized Variable in ftpd Application Has Unspecified Impact. Read more

 

 

News
www.securityfocus.com
Microsoft patches DirectX, Internet Explorer. Read more

www.securityfocus.com
National labs hit with targeted attacks. Read more

www.securityfocus.com
Secunia faces legal threat over flaw advisory. Read more

www.theregister.co.uk
Media player users beware: more vulns ahead. Read more

www.theregister.co.uk
Hey, HP laptop owners: click here to get hijacked. Read more

www.theregister.co.uk
Windows Service Pack refuseniks offered temporary respite. Read more

www.smh.com.au
Microsoft axes Vista 'kill switch' feature. Read more

www.itpro.co.uk
Ask.com adds eraser to protect privacy. Read more

www.networkworld.com
Attackers poised to exploit Olympics, presidential elections in 2008. Read more

www.securitypronews.com
Rogers Internet Injects Itself Into Google. Read more

www.australianit.news.com.au
Police WiFi sting brings arrest. Read more

www.news.com
Warning sounded over 'flirting robots'. Read more

05 December 2007

Guides, Papers, etc
honeyblog.org
Technical Report: Studying Malicious Websites and the Underground Economy on the Chinese Web. Read more

honeyblog.org
Technical Report: Characterizing the IRC-based Botnet Phenomenon. Read more

www.channelregister.co.uk
Tracking down the Ron Paul spam botnet. Read more

isc.sans.org
Estonian Defense Minister Comments. Read more

blogs.securiteam.com:
The number of unpatched QuickTime flaws is: two. Read more

blog.wired.com
Blind Hacker Says He's No Friend of Convicted SWATters. Read more

sunbeltblog.blogspot.com
State of South Carolina lovin' porn. Read more

sunbeltblog.blogspot.com
New fake codec trojan variant -- Windows and Mac -- codecmega. Read more

www.f-secure.com
Worm-Like Anti-Theft. Read more

ddanchev.blogspot.com
Censoring Web 2.0 - The Access Denied Map. Read more

www.darkreading.com
New DNS Technology Flags Bad Guys Before They Act. Read more

www.darkreading.com
Study Reveals Overlooked Sources of Leaks. Read more

www.darkreading.com
Microsoft's Wireless Keyboard Hacked. Read more

www.theregister.co.uk
Win 2000 anti-virus products fail independent tests. Read more

isc.sans.org
From the mailbag, December 3rd edition. Read more

www.ispreview.co.uk
Microsoft - IE Browser More Secure Than Firefox. Read more

holisticinfosec.org
Malcode Analysis Techniques for Incident Handlers. Read more

holisticinfosec.org
Mandiant Red Curtain: Malware identification for incident responders. Read more

 

Vulnerabilities & Exploits
securitytracker.com
Microsoft Web Proxy Auto-Discovery Name Server Resolution Bug Lets Remote Users Conduct Man-in-the-Middle Attacks. Read more

securitytracker.com
Squid Cache Update Reply Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com
Beehive Forum Input Validation Flaw in 't_dedupe' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com
Solaris Linux Branded Zone Bug in brand_sys_int80() Function Lets Local Users Deny Service. Read more

 

News
press-releases.techwhack.com
F-Secure reports amount of malware grew by 100% during 2007. Read more

news.zdnet.co.uk:
Governments prepare for 'cyber cold war'. Read more

www.vnunet.com
Spammers shift to spreading malware. Read more

www.channelregister.co.uk:
Grisoft acquires LinkScanner. Read more

www.hardwarezone.com
Three Year Old Worm Accounts For Almost A Quarter Of Email Malware. Read more

03 December 2007

Guides, Papers, etc
www.win.tue.nl
Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5. Read more

computerworld.co.nz:
DNS hacked again with poisoning attack. Read more

www.itwire.com:
Online banking, transactions and security – how safe are we really? Read more

www.win.tue.nl:
Predicting the winner of the 2008 US Presidential Elections using a Sony PlayStation 3. Read more

www.f-secure.com:
Merry Christmas and so on. Read more

isc.sans.org:
Active exploit site for Quicktime RTSP Response vulnerability. Read more

www.cisrt.org
Exploit for Quicktime Vulnerability. Read more

blog.trendmicro.com
Xunlei X-ploit X-amined. Read more

www.darkreading.com
AV Vendor Adopts 'Herd' Intelligence. Read more

blogs.securiteam.com:
Tools, tools, tools. Read more

www.pcadvisor.co.uk
30 quick fixes for Windows XP & Vista. Read more

 

News
www.nzherald.co.nz:
Teen hacker has mild autism. Read more

www.computerworld.com:
Hackers expoit Apple Quicktime vulnerability. Read more

www.responsesource.com:
New report reveals 20 billion spam emails are targeted at UK computer users every day. Read more

www.darkreading.com
Insecure Software Costs US $180B per Year. Read more

news.softpedia.com:
Google And Microsoft Focused On Users' Security, Yahoo Ignores The Infections. Read more

news.softpedia.com:
Hackers Broke Into The Rolls-Royce Network. Read more

blogs.iss.net:
Phishers test the water with shorter hooks. Read more

www.itnews.com.au
Malware bandits go looking for goals on ESPN's Soccernet.com. Read more

www.computerworld.com:
Microsoft Takes Steps to Prevent WGA Potholes. Read more

www.northjersey.com:
Identity theft makes couple helpless. Read more

01 December 2007

Guides, Papers, etc
ddanchev.blogspot.com:
Malware Serving Online Casinos. Read more

ddanchev.blogspot.com:
66.1 Host Locked. Read more

www.darkreading.com:
AV Vendor Adopts 'Herd' Intelligence. Read more

isc.sans.org:
Facebook, pr0n and privacy. Read more

isc.sans.org:
Bot Roast II. Read more

www.f-secure.com:
Holiday Roast. Read more

sunbeltblog.blogspot.com
USAID site hacked, serving porn. Read more

sunbeltblog.blogspot.com
Dwindling Spiral: The increasingly degraded practices of Adult Friend Finder. Read more

sunbeltblog.blogspot.com
Four new rogue antispyware programs. Read more

sunbeltblog.blogspot.com
Another reason why Firefox really is safer than IE. Read more

sunbeltblog.blogspot.com
Porn back on ca.gov site? Oh, this is not good. Read more

sunbeltblog.blogspot.com
new fake codec: vplprocedure. Read more

sunbeltblog.blogspot.com
HEADS UP: More Google poisoning on the way? Read more

blog.trendmicro.com
Consented Blackmail. Read more

msmvps.com
Performanceoptimizer malware hits www.defsounds.com. Read more

www.joelesler.net
Now, that's a nice User-Agent. Read more

isc.sans.org:
Firefox 2.0.0.11. Read more

eprint.iacr.org:
Cryptanalysis of the Random Number Generator of the Windows Operating System. Read more

www.darkreading.com:
Making $1M a Month. Read more

www.darkreading.com:
Wachovia Automates Security Policies. Read more

www.darkreading.com:
When Projects Cause Security Failures. Read more

www.cio.com:
E-Mail Analysis Snooping in Your In-Box. Read more

techdirt.com:
News Publishers Want To Change Robots.txt; Want To Make Sure Their Content Is Less Useful. Read more

www.news.com:
Report: Hackers say they can steal 'Second Life' currency. Read more

www.technewsworld.com:
Cyber Spying Set to Explode. Read more

www.betanews.com:
Microsoft: Firefox users in danger due to more frequent updates. Read more

blogs.technet.com
Internet Explorer and Firefox Vulnerability Analysis. Read more

www.pcadvisor.co.uk:
Why old Wi-Fi security is vulnerable to attack. Read more

www.wired.com:
Online Games Use Fraud Software to Combat Cheats. Read more

www.podtrac.com:
Audio. Security Now 120: Your Questions, Steve's Answers 29. Listen

cpe.njit.edu:
Video Lectures Data Mining. Read more

cpe.njit.edu:
Operating Systems Video Lectures. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
OpenSSL FIPS Object Module Self-Test Error Causes the System to Generate More Predictable Pseudo Random Data. Read more

securitytracker.com:
securitytracker.com:
Cairo Integer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Tivoli Netcool Security Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Solaris Fibre Channel Protocol Driver Flaw Lets Local Users Deny Service. Read more

securitytracker.com:
Pioneers Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
FreeBSD Kernel May Disclose Previously Read Pseudo Random Data to Local Users. Read more

securitytracker.com:
TIBCO Rendezvous RV Daemon Memory Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Asterisk Input Validation Flaw in res_config_pgsql Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Asterisk Input Validation Flaw in cdr_pgsql Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
APC Switched Rack Power Distribution Units Grant Access to Remote Users. Read more

securitytracker.com:
Red Hat Content Accelerator Kernel Patch open(O_ATOMICLOOKUP) Function Lets Local Users Deny Service. Read more

securitytracker.com:
HP OpenView Network Node Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
@Mail Input Validation Hole in 'util.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Solaris RPC Race Condition Lets Local Users Deny Service. Read more

securitytracker.com:
ht://Dig Input Validation Hole in 'sort' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
IBM Lotus Notes for Linux Has Unsafe Folder Permissions Let Local Users Gain Root Privileges. Read more

securitytracker.com:
scanbuttond Symlink Bug Lets Local Users Gain Root Privileges. Read more

 

Tools:
www.xirrus.com:
Xirrus Wi-Fi Monitor Gadget for Windows Vista. Read more

 

News
www.securityfocus.com:
FBI nets eight suspected bot masters. Read more

www.guardian.co.uk:
Teenager arrested over '£9.7m computer hacking ring'. Read more

www.theregister.co.uk:
NZ police cuff teenage botnet mastermind suspect. Read more

www.securityfocus.com:
TJX wins one battle, offers banks $41 million. Read more

www.theregister.co.uk:
California gov site invaded by smut and malware again. Read more

www.computerworld.com:
Dell sues cybersquatters. Read more

www.computerworld.com.au:
Technology identifies invisible intruders on wireless LANs. Read more

blogs.guardian.co.uk:
YouTube suspends Egyptian blog activist's account. Read more

www.securityfocus.com:
Random number bug blights FreeBSD. Read more

www.news.com:
Study: 'Huge jump' in Microsoft flaws since last year. Read more

www.securityfocus.com:
Hackers re-poison Google search results. Read more

www.computeractive.co.uk
Cyber-cops bust online marriage scam. Read more

www.wired.co:
Prosecutors Score Big in Week 3 of Linux programmer Hans Reiser Murder Trial. Read more


Copyright© MegaSecurity.org