Home    News Archive    Translate Traducen
News January 2006
31 January 2006

Guides, Papers, etc
software.silicon.com:
Inside Kaspersky Labs: AV at the cold heart of Russia. Read more

www.securityfocus.com:
Google's data minefield. Read more

www.computerbytesman.com:
Google.com vs. Google.cn side-by-side image search. Read more

www.spywaretesting.org:
Anti-Spyware Testing Best Practice. Read more

www.technewsworld.com:
Online, but Out of Sight. Read more

www.aquick.org:
What�s the big fuss about IP addresses? Read more

blogs.securiteam.com:
CME-24 (BlackWorm) Users� FAQ. Read more

www.securityfocus.com:
NSA's Trailblazer loses way. Read more

 

Tools:
www.emailbattles.com:
Combine 3 Free Tools for a Complete Windows Registry Fix. Read more

 

Vulnerabilities & Exploits
mohajali.lezr.org:
Vulnerability in RapidShare.de the well known file hosting company. Read more

securitytracker.com:
UBBThreads Input Validation Hole in 'showflat.php' Permits SQL Injection Attacks. Read more

 

News
www.securityfocus.com:
Winamp, Shoutcast exploits released same day. Read more

www.pconline.com.ru:
Security Vendors Team Up on Malware. Read more

www.infoworld.com:
Hackers lurk in AMD Web site. Read more

www.informationweek.com:
Buyers Scour eBay For Data-Rich Hard Drives. Read more

www.vnunet.com:
Trojan tests antivirus response time. Read more

news.bbc.co.uk:
Countdown for nasty Windows virus. Read more

www.theregister.co.uk:
MS to omit anti-virus from Vista. Read more

news.com.com:
New worm crawling through blogs?! Read more

news.com.com:
180solutions drops suit against Zone Labs. Read more

news.com.com:
Fortinet, Trend Micro settle antivirus dispute. Read more

www.theregister.co.uk:
Spain arrests six in net pervert crackdown. Read more

30 January 2006

Guides, Papers, etc
www.peacefire.org:
How to install the Circumventor program, which gets around all Web-blocking software. Read more

www.sans.org Stay Sharp: Deploying GenIII Honeynets. Read more

blogs.securiteam.com:
Two versions of Google. Read more

www.informit.com:
Pane Relief: Rooting Around for Rootkits. Read more

www.securiteam.com:
Cross Site Cooking. Read more

blogs.securiteam.com:
Memoirs of an (infected) virus researcher. Read more

dsonline.computer.org:
Denial-of-Service Attack-Detection Techniques. Read more

reviews.cnet.com:
Cybercrime does pay; here's how. Read more

support.microsoft.com:
How to Automate Disk Defragmenter Using Task Scheduler Tool in Windows XP. Read more

 

Tools:
www.insecure.org:
Nmap 3.9999 now available. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ASPThai Input Validation Hole in 'login.asp' Permits SQL Injection Attacks. Read more

securitytracker.com:
Face Control Input Validation Hole in 'vis.pl' Lets Remote Users Traverse the Directory. Read more

 

News
www.politechbot.com:
In China, Google censors more than just politics: beer, dating, joke, gay sites too. Read more

blog.outer-court.com:
Google Removes Its Help Entry on Censorship, More News. Read more

www.redherring.com:
US Eyes China's Net Restraints. Read more

weblog.infoworld.com:
Microsoft's OneCare Has Holes. Read more

www.wired.com:
Microsoft Tricks Hacker Into Jail. Read more

www.networkworld.com:
Start-up Mu Security looks to lock down code. Read more

28 January 2006

Guides, Papers, etc
www.sans.org:
The Spyware Threat Today at Wednesday, February 01 at 1:00 PM EST (1800 UTC/GMT). Read more

www.snort.org:
Additional VRT Analysis - Blackworm/Nymex Worm. Read more

www.lurhq.com:
BlackWorm Statistics. Read more

www.us-cert.gov:
Understanding Hidden Threats: Rootkits and Botnets. Read more

www.securityfocus.com:
Good worms back on the agenda. Read more

news.bbc.co.uk:
Bill Thompson: Why Google in China makes sense. Read more

blogs.msdn.com:
Code Scanning Tools Do Not Make Software Secure. Read more

blogs.securiteam.com:
UK Home Office Trying To Ban Development Of Hacker/Security Tools. Read more

blog.ziffdavis.com:
Is BIOS The Next Target of Rootkits? Read more

news.com.com:
Roundtable: Google's Chinese puzzle. Listen

arstechnica.com:
Gates vs. Jobs: who is the good guy? Read more

www.redherring.com:
Q&A: Bot-Buster Merrick Furst. The associate dean at Georgia Tech�s College of Computing says botnets are today�s top security threat. Read more

i.cmpnet.com:
Network Computing technology editor Mike DeMaria got together to talk about the possibilities and problems of using instant messaging in the enterprise. Listen

ddanchev.blogspot.com:
Skype to control botnets?! Read more

www.informit.com:
Pane Relief: Rooting Around for Rootkits. Read more

software.silicon.com:
Photos: Inside Moscow's Kaspersky Lab. Read more

news.com.com:
Video: A look inside the Vista system. Watch

www.crn.com:
Interview: Microsoft's Allchin Discusses Vista Security. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco VPN 3000 Concentrator Bug in HTTP Service Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun StorEdge 'nsrd.exe' and 'nsrexecd.exe' Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Oracle AS PLSQL Gateway PLSQLExclusion List Bug Lets Remote Users Gain Access to the Target Database. Read more

securitytracker.com:
Cisco IOS AAA Command Authorization Feature May Let Remote Authenticated Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Blackmal virus spreads in India, Peru. Read more

www.theregister.co.uk:
Kama Sutra wipeout. Read more

www.itnews.com.au: Kama Sutra spoofs digital certificates. Read more

www.betanews.com:
MS Source Code Seller (illwill) Gets Two Years. Read more

us.cnn.com:
Hacker 'illwill' gets 2 year prison term. Read more

news.bbc.co.uk:
US plans to 'fight the net' revealed. Read more

www.fcw.com:
Experts: Countries make dangerous cyber adversaries. Read more

www.theregister.co.uk:
Google pulls 'we don't censor' statement. Read more

business.timesonline.co.uk:
Gates defends China's internet restrictions. Read more

blog.outer-court.com:
Google Removes Its Help Entry on Censorship, More News. Read more

www.betanews.com:
Google Heads to Court to Protect Users. Read more

spong.com:
Unhackable PSP Firmware Hacked. Read more

www.technewsworld.com:
Scholars Start Campaign to Shame Spyware Senders. Read more

www.theregister.co.uk:
Seven cough to copying Star Wars DVD. Read more

news.bbc.co.uk:
Music lovers caught in DRM battle. Read more

27 January 2006

Guides, Papers, etc
bink.nu:
A conversation with Steve Santorelli on malware. Listen

interviews.slashdot.org:
MS Security VP Mike Nash Replies. Read more

www.benedelman.org:
Pushing Spyware through Search. Read more

www.securityfocus.com:
Researchers: Rootkits headed for BIOS. Read more

www.wired.com:
Bruce Schneier: Big Risks Come in Small Packages. Read more

www.securityfocus.com:
Zero-day details underscore criticism of Oracle. Read more

www.securityfocus.com:
Phone flooding. Read more

www.regdeveloper.co.uk:
Fishing for POI. Creating Excel or Word files from Java...Read more

www.insecuremag.com:
(IN)SECURE Magazine ISSUE 1.5. Read more

searchwindowssecurity.techtarget.com:
Checklist: 11 things to do after a hack. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Sophos AntiVirus Products ARJ Archives Security Bypass Vulnerability. Read more

www.debian.org:
DSA-957-1 imagemagick -- missing shell meta sanitising. Read more

www.debian.org:
DSA-956-1 lsh-server -- filedescriptor leak. Read more

www.debian.org:
DSA-955-1 mailman -- DoS. Read more

www.argeniss.com:
Proof of concept exploit code Oracle Database Buffer overflow vulnerability in public procedure DBMS_XMLSCHEMA.GENERATESCHEMA. Read more

securitytracker.com:
FreeBSD pf(4) Scrub Rule Error Lets Remote Users Deny Service. Read more

securitytracker.com:
FreeBSD Kernel ioctl() Functions May Disclose Kernel Memory to Local Users. Read more

securitytracker.com:
OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases. Read more

securitytracker.com:
Note-A-Day Lets Remote Users Access Authentication Information. Read more

 

News
networks.silicon.com:
Google's Chinese firewall blocks more than Yahoo! Read more

news.bbc.co.uk:
Google move 'black day' for China. Read more

www.heise.de:
Internet providers have to tell customers what data they are collecting. Read more

www.theregister.co.uk:
Oracle in war of words with security researcher. Read more

www.theregister.co.uk:
Botnet control fears over IP telephony. Read more

www.itweb.co.za:
Kama Sutra worm to hit next week. Read more

www.playfuls.com:
Skype, One Of The Best Botnet Control Tools For Hackers. Read more

news.bbc.co.uk:
New year brings fresh security fears. Read more

www.sophos.com:
Spyware suspect arrested in Japan. Read more

news.com.com:
Feds arrest alleged Internet ID thief. Read more

www.theregister.co.uk:
MS sues over anti-spyware scam. Read more

www.theregister.co.uk:
Google cache not a breach of copyright. Read more

software.silicon.com:
Security professionals back tougher laws for hackers. Read more

www.theregister.co.uk:
Home Office pushes tough anti-hacker law. Read more

sunbeltblog.blogspot.com:
Seen in the wild: New ClickFraud Trojan. Read more

www.informationweek.com:
Bots Nearly Triple In 2005. Read more

www.securitypronews.com:
A New Pack Of Trojans. Read more

software.silicon.com:
CA software poses "critical" security risk. Read more

computerworld.co:
FTC imposes $10M fine against ChoicePoint for data breach. Read more

26 January 2006

Guides, Papers, etc
www.techworld.com:
How bad is the Skype botnet threat? Read more

reviews.cnet.com:
Use an iPod, go to jail? Read more

www.cloquetmn.com:
Follow these 10 smart ways to avoid identity theft. Read more

www.cs.berkeley.edu:
The "Worm" Programs Early Experience with a Distributed Computation. Read more

ddanchev.blogspot.com:
The Feds, Google, MSN's reaction, and how you got "bigbrothered"? Read more

www.theta44.org:
Attacking Automatic Wireless Network Selection. Read more

 

Vulnerabilities & Exploits
www.whitedust.net:
Critical Browser Translation Issue Presents Massive Attack Vector. Read more

securitytracker.com:
Red Hat Certificate Server Buffer Overflow in Help System May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Directory Server Buffer Overflow in Help System May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Red Hat Directory Server Buffer Overflow in Help System May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MyBB Input Validation Flaw in 'usercp.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
miniBloggie Input Validation Hole in 'login.php' Permits SQL Injection Attacks. Read more

securitytracker.com:
Text Rider Lets Remote Users Obtain Authentication Information. Read more

 

News
www.theregister.co.uk:
Malware potency increases as numbers drop. Read more

www.techworld.com:
Cambridge prof warns of Skype botnet threat. Read more

www.forbes.com:
Why Google Won't Give In. Read more

www.theregister.co.uk:
Google kowtows to China. Read more

www.betanews.com:
Google Censors Chinese Search Results. Read more

sunbeltblog.blogspot.com:
Blackworm worm over 1.8 million infestations and climbing. Read more

www.betanews.com:
Microsoft Opens Windows Source Code. Read more

www.securityfocus.com:
StopBadware backed by Google, Lenovo, and Sun. Read more

www.theregister.co.uk:
StopBadware.org to name and shame spyware scumbags. Read more

www.theregister.co.uk:
Oracle in war of words with security researcher. Read more

www.networkworld.com:
The case of the sneaky daughter and the wireless card. Read more

spamkings.oreilly.com:
Spam history goes 404. Read more

www.emailbattles.com:
Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours. Read more

news.bbc.co.uk:
Banks 'must tackle online fraud'. Read more

25 January 2006

Guides, Papers, etc
www-03.ibm.com:
IBM Report: Surge in CRIMINAL-DRIVEN CYBER ATTACKS Anticipated in 2006. Read more

www.ethicalhacker.net:
Metasploit Tutorial - A New Day for System Exploits. Read more

www.eweek.com:
Microsoft Takes Another Anti-Rootkit Step. Read more

www.syscan.org:
SyScan�06. Call for Papers. Read more

searchsecurity.techtarget.com:
Phish tales: Worse on Linux or Windows? Read more

news.findlaw.com:
Court Papers of James Ancheta aka "Resjames" or "Botmaster" pleaded quilty in Los Angeles yesterday for running a botnet and selling bots. Read more

isc.sans.org:
Handler's Diary: BlackWorm Summary. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Grid Engine Bug in 'rsh' Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
HP-UX Unspecified Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Pixelpost Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources. Read more

securitytracker.com:
Fetchmail Invalid free() on Message Bounce Lets Remote Users Deny Service. Read more

securitytracker.com:
Computer Associates Content-Length Buffer Overflow in iGateway Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-954-1 wine -- design flaw. Read more

www.debian.org:
DSA-953-1 flyspray -- missing input sanitising. Read more

www.debian.org:
DSA-952-1 libapache-auth-ldap -- format string. Read more

 

News
www.theregister.co.uk:
77% of Google users don't know it records personal data. Read more

www.eweek.com:
Google-Funded 'Badware' Coalition Forms. Read more

www.theinquirer.net:
Google helps build Great Firewall of China. Read more

money.cnn.com:
Google offers censored Chinese search. Read more

www.eweek.com:
Harder-to-Detect Oracle Rootkit on the Way. Read more

www.eweek.com:
Microsoft Hardens Vista Against Kernel-Mode Malware. Read more

blogs.washingtonpost.com:
Account Hijackings Force LiveJournal Changes. Read more

blogs.securiteam.com:
BlackWorm network detection. Read more

blogs.securiteam.com:
CME-24: BlackWorm naming confusion. Read more

www.newsfactor.com:
FBI: Most Companies Get Hacked. Read more

www.theregister.co.uk:
Yahoo! phishing warning. Read more

www.theregister.co.uk:
Hey Bill, why am I still getting spam? Read more

www.redorbit.com:
Hacker Who Rented Out Attack Network Pleads Guilty. Read more

24 January 2006

Guides, Papers, etc
www.acsa-admin.org:
Countering Trusting Trust through Diverse Double-Compiling. Read more

blogs.securiteam.com:
The Human Stain. Read more

www.techweb.com:
Attackers To Go After 2006's Weakest Link: People. Read more

www.crypt.gen.nz:
Hardening Internal Networks against Worms. Read more

www.newsfactor.com:
The Worst-Case Hack Scenario. Read more

www.informationweek.com:
Google's Achilles Heel. Read more

news.bbc.co.uk:
The browser and the ballot box. Read more

ddanchev.blogspot.com:
Still worry about your search history and BigBrother? Read more

 

Vulnerabilities & Exploits
fetchmail.berlios.de:
fetchmail-SA-2006-01: crash when bouncing messages. Read more

www.idefense.com:
Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow. Read more

www.debian.org:
DSA-951-1 trac -- missing input sanitising. Read more

www.debian.org:
DSA-950-1 cupsys -- buffer overflows. Read more

securitytracker.com:
SleeperChat Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
e-moBLOG Input Validation Bugs Permit SQL Injection Attacks. Read more

securitytracker.com:
RCBlog Input Validation Hole Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
WebspotBlogging Input Validation Hole in 'login.php' Permits SQL Injection Attacks. Read more

 

News
www.securityfocus.com:
Half-million PCs infected by e-mail virus. Read more

software.silicon.com:
'Porn' virus worms its way into 510,000 systems. Read more

www.pcworld.com:
Nyxem Worm Programmed to Erase Files. Read more

news.zdnet.co.uk:
Hackers attacked parliament using WMF exploit. Read more

www.betanews.com:
MSN Admits to Sharing Search Data. Read more

software.silicon.com:
Kaspersky boss explodes security myths. Read more

www.securityfocus.com:
Bot herder pleads guilty to 'zombie' sales. Read more

www.securityfocus.com:
CDT files complaint against 180solutions. Read more

www.sophos.com:
Bill Gates death-of-spam prediction flops, as "dirty dozen" spam countries revealed. Read more

www.vnunet.com:
Cyber criminals turn pro. Read more

news.com.com:
What the heck is Yahoo thinking? Read more

www.eweek.com:
Sunbelt Tracks DIY Trojan Builder Program. Read more

software.silicon.com:
Microsoft helps net MSN phishing ring. Read more

23 January 2006

Guides, Papers, etc
www.networkmagazineindia.com:
The Rootkit and Botnet menace. Read more

www.businessweek.com:
Coming to Your PC's Back Door: Trojans. Read more

news.bbc.co.uk:
The world according to Google. Read more

blogs.securiteam.com:
Market hype: �Application Firewalls�, take #2. Read more

blogs.securiteam.com:
Practical DDoS mitigation techniques (and an interesting paper). Read more

www.fas.org:
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF. Read more

blogs.washingtonpost.com:
Account Hijackings Force LiveJournal Changes. Read more

 

Vulnerabilities & Exploits
mail.google.com:
Am I receiving someone else's email? Read more

blogs.securiteam.com:
KDE JS bug poses a real threat. Read more

securitytracker.com:
MyDNS Service Can Be Crashed By Remote Users. Read more

securitytracker.com:
Hitachi JP1/NetInsight II Port Discovery Service Can Be Crashed Remote Users. Read more

securitytracker.com:
Hitachi HITSENSER Data Mart Server Input Validation Flaw in Configuration Function Permits SQL Injection Attacks. Read more

 

News
www.microsoft.com:
Microsoft Praises Bulgarian Authorities on Investigation and Arrest of Alleged Phishing and Organized Crime Group. Read more

www.theregister.co.uk:
Windows back door rumor is bunk. Read more

www.informationweek.com:
Holy_father Delivers Rootkits To The Masses. Read more

www.technewsworld.com:
Uproar Grows Over US Demand for Google Search Records. Read more

www.theinquirer.net:
Is your firewall spying on you? Read more

software.silicon.com:
Email security firm resorts to dirty sales tricks. Read more

www.vnunet.com:
Early warning service now covers spyware. Read more

www.vnunet.com:
Business booms as virus threats grow. Read more

www.m2.com:
BlackSpider warns of new trojan e-mail. Read more

nwc.securitypipeline.com:
Security Company Uses Google To Help Find Vulnerabilities. Read more

www.denverpost.com:
Hackers' attacks more calculating. Read more

www.boston.com:
Microsoft's first duty. Read more

www.deepikaglobal.com:
Ethical hacking can ensure computer security: Ankit Fadia. Read more

news.com.com:
Microsoft looks beyond Vista, sees Vienna. Read more

www.engadget.com:
WiFi sniffer turns your DS into a wardriving tool. Read more

21 January 2006

Guides, Papers, etc
blogs.securiteam.com:
BlackWorm stats. Read more

www.securityfocus.com:
The Brain virus turns 20. Read more

media.grc.com:
GRC's "MouseTrap". Listen

searchwindowssecurity.techtarget.com:
Open source security in a Windows enterprise. Read more

www.infectionvectors.com:
Cotton, China, and Bagles: The Beagle Worm�s Second Anniversary. Read more

www.microsoft.com:
Cleaning a Compromised System. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
FreeBSD 802.11 Response Frame Integer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
saralblog Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
KDE kjs Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.infoworld.com:
Botnets shrinking in size, harder to trace. Read more

www.infoworld.com:
Senate panel warns Internet porn vendors. Read more

news.bbc.co.uk:
Google defies US over search data. Read more

blog.searchenginewatch.com:
The Day After: Points In The Search Trust Sweepstakes. Read more

www.technewsworld.com:
Uproar Grows Over US Demand for Google Search Records, Read more

today.reuters.co.uk:
Privacy experts condemn subpoena of Google. Read more

today.reuters.com:
Google shock as shares fall nearly 10 percent. Read more

www.informationweek.com:
New Worm Hits The Top Of The Threat Charts. Read more

www.informationweek.com:
F-Secure Quickly Fixes 23 Flaws In Its Anti-Virus Products. Read more

www.theregister.co.uk:
Windows back door rumor is bunk. Read more

www.theregister.co.uk:
Banks make it easy for scammers. Read more

blogs.washingtonpost.com:
Account Hijackings Force LiveJournal Changes. Read more

20 January 2006

Guides, Papers, etc
www.wired.com:
How to Foil Search Engine Snoops. Read more

blogs.securiteam.com:
Microsoft does it again with SP3 and Vista. Read more

ddanchev.blogspot.com:
Why relying on virus signatures simply doesn't work anymore? Read more

blogs.securiteam.com:
Market hype: �Application Firewalls� (everything over HTTP and web vulnerabilities). Read more

searchwindowssecurity.techtarget.com:
Microsoft security tools vs. third party. Read more

money.cnn.com:
Spy on yourself online. Read more

www.eff.org:
iTunes MiniStore "phone home" feature part of a dangerous trend in data collection. Read more

www.windowsecurity.com:
Securing the Network from Within (Part 1). Read more

 

Vulnerabilities & Exploits
www.f-secure.com:
F-Secure Security Bulletin FSC-2006-1 Code execution vulnerability in ZIP and RAR-archive handling. Read more

www.debian.org:
DSA-946-1 sudo -- missing input sanitising. Read more

securitytracker.com:
TippingPoint Intrusion Prevention System HTTP Processing Lets Remote Users Deny Service. Read more

securitytracker.com:
F-Secure Internet Security Buffer Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Personal Express Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Internet Gatekeeper Buffer Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Anti-Virus Buffer Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX ftpd Unspecified Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
eggblog Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
DM Deployment Common Component (DMPrimer) Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco CallManager TCP Connection Management Handling Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco CallManager Bug Lets Read-Only Administrators Gain Full Administrator Privileges. Read more

securitytracker.com:
Cisco IOS Stack Group Bidding Protocol Lets Remote Users Deny Service. Read more

securitytracker.com:
EMC Legato NetWorker 'nsrd.exe' and 'nsrexecd.exe' Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact. Read more

securitytracker.com:
microBlog Input Validation Bugs Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Dual DHCP DNS Server Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AOL Buffer Overflow in You've Got Pictures ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
geoBlog Input Validation Hole in 'viewcat.php' Permits SQL Injection Attacks. Read more

 

News
www.mercurynews.com:
Feds after Google data. Read more

www.eff.org:
EFF Applauds Google Resistance to Government Subpoena. Read more

www.securityfocus.com:
Google vs. government. Read more

news.com.com:
Feds take porn fight to Google. Read more

techdirt.com:
Uncle Sam Wants Your Google Searches (And Already Got Results From Others). Read more

www.theregister.co.uk:
PC virus celebrates 20th birthday. Read more

www.vnunet.com:
Twenty years of computer viruses. Read more

www.securityfocus.com:
Flaw researcher offers ad space in report. Read more

blogs.zdnet.com:
More super rogue anti-spyware. Read more

news.bbc.co.uk:
Zombie PCs target vulnerable sites. Read more

news.com.com:
Faster Wi-Fi standard gets draft approval. Read more

today.reuters.com:
Online attacks common for business, FBI says. Read more

today.reuters.co.uk:
Rating system urged for adult Internet content. Read more

19 January 2006

Guides, Papers, etc
www.microsoft.com:
Applying the Principle of Least Privilege to User Accounts on Windows XP. Read more

www.fbi.gov:
2005 FBI Computer Crime Survey. Read more

www.sysinternals.com:
Inside the WMF Backdoor. Read more

www.infectionvectors.com:
Cotton, China, and Bagles: The Beagle Worm�s Second Anniversary. Read more

blogs.securiteam.com:
Saying NO to messy user agents. Read more

www.securityfocus.com:
How not to respond to a security advisory. Read more

isc.sans.org:
Illusions of security. Read more

www.pcmag.com:
Security in IE7. Read more

www.wired.com:
The Backhoe: A Real Cyberthreat. Read more

www.wi-fiplanet.com:
The Windows Ad-Hoc Exploit. Read more

 

Tools:
www.lurhq.com:
Truman - The Reusable Unknown Malware Analysis Net. Read more

www.heidi.ie:
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Read more

www.stationx.net:
Windows Permission Identifier v1.0. Read more

 

News
www.securityfocus.com:
FBI publishes 2005 computer crime survey. Read more

www.scmagazine.com:
Kaspersky: AV companies losing malware ware. Read more

www.securityfocus.com:
OneCare sees drop in firewall use. Read more

www.technewsworld.com:
Microsoft Taking Its Time With Next Service Pack. Read more

inhome.rediff.com:
What Bill Gates forecasts. Read more

www.theregister.co.uk:
Kama Sutra worm ties security in knots. Read more

www.emailbattles.com:
MSN Blockades phpBB Searchers. Read more

www.theregister.co.uk:
Hey, hey it's Oracle patching day. Read more

news.com.com:
Backup software flaws pose risk. Read more

www.infoworld.com:
Consumer groups push for net neutrality rules. Read more

18 January 2006

Guides, Papers, etc
www.securityfocus.com:
Sebek 3: tracking the attackers, part one. Read more

blogs.securiteam.com:
How long did Microsoft know of the WMF issue? Read more

www.websensesecuritylabs.com:
Reverse Engineering WMF Exploit Code. Watch

www.microsoft.com:
What You Need to Know About the Sober Worm. Read more

www.informationweek.com:
Windows Wi-Fi Flaw Lets Others See Your Stuff. Read more

spaces.msn.com:
Windows OneCare Firewall � Keepin� it Green, Part I. Read more

ddanchev.blogspot.com:
What are botnet herds up to? Read more

ddanchev.blogspot.com:
China - the biggest black spot on the Internet�s map. Read more

news.bbc.co.uk:
Mac security concerns answered. Read more

www.eweek.com:
The Moon and the Spam Filter. Read more

security.ithub.com:
Q&A with Mark Loveless, a.k.a Simple Nomad. Read more

 

Tools:
sourceforge.net:
Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-945-1 antiword -- insecure temporary file. Read more

www.debian.org:
DSA-944-1 mantis -- several vulnerabilities. Read more

www.debian.org:
DSA-943-1 perl -- integer overflow. Read more

 

News
news.com.com:
Sony rootkit victims in every state, researcher says. Read more

www.microsoft-watch.com:
XP SP3: Don't Hold Your Breath. Read more

www.pcworld.idg.com.au:
New keylogging trojan races around the world. Read more

spamkings.oreilly.com:
Under attack, spammer begs for mercy. Read more

www.techworld.com:
Ipoque launches network Skype-killer. Read more

news.bbc.co.uk:
Blackmailers target $1m website. Read more

www.itnews.com.au:
Exploit loose for Veritas NetBackup bug. Read more

www.itnews.com.au:
Bug bounty hunters spot flaw in Linux AV. Read more

security.ithub.com:
'You've Got Flaw' AOL. Read more

cbs2.com:
O.C. Firefighter Indicted On Porno Charges. Read more

today.reuters.co.uk:
China Internet users hit 111 million in 2005. Read more

17 January 2006

Guides, Papers, etc
www.sysinternals.com:
Rootkits in Commercial Software. Read more

ddanchev.blogspot.com:
Anonymity or Privacy on the Internet? Read more

www.cs.tau.ac.il:
Phishing Problems: Technology and Countermeasures. Read more

 

Vulnerabilities & Exploits
www.nmrc.org:
Microsoft Windows Silent Adhoc Network Advertisement. Read more

securitytracker.com:
Sun Solaris lpsched Lets Local Users Disable the Service and Delete Files. Read more

securitytracker.com:
Benders Calendar Input Validation Hole Permits SQL Injection Attacks. Read more

securitytracker.com:
Linksys BEFVP41 VPN Router Can Be Crashed By Remote Users. Read more

securitytracker.com:
Microsoft Wireless Network Connection Software May Broadcast Ad-Hoc SSID Information in Certain Cases. Read more

securitytracker.com:
Cisco 7940/7960 IP Phones Can Be Crashed by Remote Users. Read more

securitytracker.com:
Novell Remote Manager for SUSE Linux Content-Length Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Toshiba Bluetooth Stack Input Validation Holes Permit Directory Traversal Attacks. Read more

securitytracker.com:
PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Input Validation Error in Session ID Values Permits HTTP Response Splitting Attacks. Read more

 

News
www.securityfocus.com:
Researcher: Sony BMG "rootkit" still widespread. Read more

www.macworld.co.uk:
Microsoft exec rejects security flaw intentional. Read more

news.zdnet.co.uk:
WMF flaw: Malice or incompetence? Read more

www.securityfocus.com:
Simple wireless flaw revealed. Read more

edition.cnn.com:
'Hacker' held over U.S. Navy breach. Read more

english.chosun.com:
Korea Drops in Hacker Ranking. Read more

blogs.zdnet.com:
Skype 2.0 looks like a virus. Read more

www.securityfocus.com:
Vista patched for WMF flaw. Read more

www.theregister.co.uk:
Phishing fraudsters target Apple. Read more

news.com.com:
Police blotter: Sysadmin loses e-intrusion case. Read more

www.tmobiledoesntworkatstarbucks.org:
Hotspots failing due to desperate breakfasts needs of coffee drinkers. Read more

news.bbc.co.uk:
Peeping tom CCTV workers jailed. Read more

16 January 2006

Guides, Papers, etc
www.benedelman.org:
Affiliate Hall of Shame. Read more

www.viruslist.com:
No rootkit in Kaspersky Anti-Virus. Read more

castlecops.com:
Hacking With The Google Search Engine. Read more

castlecops.com:
Merijn's StartupList Version TWO. Read more

blogs.washingtonpost.com:
Windows Wireless Flaw a Danger to Laptops. Read more

www.processor.com:
Malicious File Detection Strategies. Read more

www.edbott.com:
Windows Vista to include two-way firewall. Read more

www.pcmag.com:
Spyware Alert: WinFixer Almost Tricked Us. Read more

ice.citizenlab.org:
Technical ways to get around censorship. Read more

www.wired.com:
Covert Crawler Descends on Web. Read more

isc.sans.org:
Bot herds exploring vertical markets. Read more

www.net-security.org:
Tips For Staying Secure in 2006. Read more

seattletimes.nwsource.com:
Editing Windows registry may fix hijacked home page. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-942-1 albatross -- design error. Read more

www.debian.org:
DSA-941-1 tuxpaint -- insecure temporary file. Read more

 

News
www.technewsworld.com:
Study: Nearly a Quarter Million PCs Turned Into 'Zombies' Daily. Read more

blogs.washingtonpost.com:
Florida Leads Nation in Sony Rootkit Victims. Read more

www.chicagotribune.com:
Critics Say ITunes Is Snooping. Read more

www.toptechnews.com:
Entrepreneur Installs RFID Chips in Both Hands. Read more

www.osx86project.org:
Apple's Hidden Message to Hackers: "Dont Steal Mac OS X". Read more

afr.com:
Who surfs, buys in Microsoft ad push. Read more

www.redherring.com:
Microsoft Opens Ad Lab. Read more

14 January 2006

Guides, Papers, etc
www.grc.com:
The Windows MetaFile Backdoor? Read more

blogs.technet.com:
Looking at the WMF issue, how did it get there? Read more

blog.ziffdavis.com:
"Real" Companies And Their Rootkits. Read more

blogs.securiteam.com:
Patch to eliminate GDI32 Escape() functionality in Windows98SE. Read more

www.astalavista.com:
Today�s threats to online banking. Read more

www.onguardonline.gov:
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. Read more

www.windowsecurity.com:
Switching Technologies. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Aironet Wireless Access Point Memory Can Be Consumed With Spoofed ARP Packets. Read more

securitytracker.com:
PostgreSQL Postmaster Service Error in Processing Multiple Connections Lets Remote Users Block Subsequent Connections. Read more

securitytracker.com:
eStara Softphone Buffer Overflow in SIP SDP Attribute Field May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris find Command Lets Local Users Deny Service. Read more

securitytracker.com:
Solaris x86 mm Driver Lets Local Users Gain Root Access. Read more

securitytracker.com:
FreeBSD ipfw Error in Processing IP Fragments May Let Remote Users Deny Service. Read more

 

News
news.com.com:
'Windows backdoor' theory causes kerfuffle. Read more

www.betanews.com:
Microsoft Disputes WMF Backdoor Claim. Read more

www.informationweek.com:
Microsoft Unveils Ad-Technology Lab. Read more

www.theregister.co.uk:
Anti-spyware group defines detection guidelines. Read more

www.theregister.co.uk:
Zero-day WMF flaw underscores patch problems. Read more

www.vnunet.com:
Kaspersky Lab denies using rootkits. Read more

www.computerworld.com:
Attacks mounting on 'Million Dollar Homepage'. Read more

software.silicon.com:
Anti-spyware group agrees detection guidelines. Read more

www.editorandpublisher.com:
Hacker Posts Fake News Stories on Massachusetts Paper's Web Site. Read more

www.technewsworld.com:
Apple Accused of Spying on iTunes Customers. Read more

business.scotsman.com:
Criminals finding openings in secure shopping websites. Read more

news.com.com:
Police blotter: Sysadmin loses e-intrusion case. Read more

www.esecurityplanet.com:
Reports: IM Threats Steadily Evolving. Read more

www.esecurityplanet.com:
Salaries on the Rise for Security Pros. Read more

13 January 2006

Guides, Papers, etc
eusecwest.com:
EUSecWest/core06 conference. Read more

sunbeltblog.blogspot.com:
Anatomy of a malicious host file hijack. Read more

blogs.securiteam.com:
Cisco, haven�t we learned anything? (technician reset). Read more

blogs.securiteam.com:
And you were saying?! Read more

blogs.securiteam.com:
The Dark Side of Symantec. Read more

blogs.securiteam.com:
Bypassing the random image anti-spam feature. Read more

www.securityfocus.com:
Zero-day WMF flaw underscores patch problems. Read more

www.eweek.com:
Some Rootkits Are Worse Than Others. Read more

chuvakin.blogspot.com:
Anton Chuvakin: security predictions for 2006. Read more

blogs.msdn.com:
Clear my Tracks: yes please!!!!Read more

 

Tools:
www.stationx.net:
Firewall Test Agent v1.1. This simple tool can be used to test and log the rules on a firewall. The Firewall Test Agent is able to open up any number of TCP and UDP ports on a windows machine and log any connection attempts. Read more

fileforum.betanews.com:
Tor for Windows 0.1.1.12 Alpha. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Security Monitoring, Analysis and Response System (CS-MARS) Undocumented Account With Default Password Lets Remote Authenticated Users Gain Administrative Access. Read more

www.uinc.ru:
Multiple PHP Toolkit for PayPal Vulnerabilities. Read more

securityresponse.symantec.com:
Symantec Norton Protected Recycle Bin Exposure. Read more

securitytracker.com:
FreeBSD ee Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
FreeBSD texindex Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple QuickTime GIF Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple QuickTime TIFF Integer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple QuickTime TGA Overflows May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple QuickTime QTIF Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-940-1 gpdf -- buffer overflows. Read more

www.debian.org:
DSA-939-1 fetchmail -- programming error. Read more

www.debian.org:
DSA-938-1 koffice -- buffer overflows. Read more

www.debian.org:
DSA-937-1 tetex-bin -- buffer overflows. Read more

www.cisco.com:
Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks. Read more

 

News
www.pcworld.idg.com.au:
Symantec, Kaspersky criticized for cloaking software. Read more

sunbeltblog.blogspot.com:
Sicko using kid site to download spyware and porn. Read more

www.theregister.co.uk:
Symantec fixes 'rootkit' bug in Systemworks. Read more

www.eweek.com:
Symantec Caught in Norton 'Rootkit' Flap. Read more

www.zdnet.com.au:
Anti-spyware guidelines get final version. Read more

safer-networking.org:
The way Symantec tries to get into anti-spyware... Read more

www.detnews.com:
Feds to send spammer to slammer. Read more

blogs.zdnet.com:
HOSTS file hijacking and bank password stealing trojans. Read more

news.netcraft.com:
DDoS Attack Cited in Million Dollar Homepage Outage. Read more

technology.guardian.co.uk:
I've woken up to the reality of spam: it's passed its peak. Read more

www.theregister.co.uk:
Apple downplays iTunes 'spyware' fears. Read more

www.wired.com:
Spin Doctors Create Quantum Chip. Read more

12 January 2006

Guides, Papers, etc
www.wired.com:
Anonymity Won't Kill the Internet. Read more

www.microsoft.com:
Outfitting a new computer for the Net. Read more

www.microsoft.com:
Windows Vista Features. Read more

www.warnabrother.net:
Wireless technology; friend or foe? Read more

www.eng.tau.ac.il:
Cracking the Bluetooth PIN. Read more

www.ethicalhacker.net:
Step-By-Step Hacking Video. Read more

blogs.technet.com:
Security updates available on ISO-9660 image files. Read more

 

Vulnerabilities & Exploits
www.cisco.com:
Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS). Read more

securitytracker.com:
Symantec Norton SystemWorks Hidden Directory Obscures Files from Anti-Virus Scanners. Read more

securitytracker.com:
Microsoft Outlook Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Exchange Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Embedded Web Fonts Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Clam AntiVirus pefromupx() Buffer Overflow Has Unspecified Impact. Read more

securitytracker.com:
auth_ldap Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
uucp and uustat Buffer Overflows Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
NetBSD settimeofday() Lets Certain Local Users Set the Time Backwards. Read more

securitytracker.com:
Microsoft Windows Graphics Rendering Engine WMF File Memory Access Error Lets Remote Users Deny Service. Read more

securitytracker.com:
MegaBBS Discloses Private Messages to Other Users. Read more

www.debian.org:
DSA-936-1 libextractor -- buffer overflows. Read more

www.debian.org:
DSA-935-1 libapache2-mod-auth-pgsql -- format string vulnerability. Read more

 

News
www.securityfocus.com:
Microsoft posts patches, more WMF flaws arrive. Read more

www.theregister.co.uk:
More cracks appear in Windows. Read more

www.informationweek.com:
Microsoft's Newest Bug Could Be Awful, Researcher Says. Read more

news.zdnet.co.uk:
Symantec flaw can hide hacker activity. Read more

www.eweek.com:
Symantec Caught in Norton 'Rootkit' Flap. Read more

www.theregister.co.uk:
Microsoft wins FAT patent case. Read more

news.com.com:
New Wi-Fi standard back on track. Read more

09 January 2006

Guides, Papers, etc
blogs.securiteam.com:
MS releases MS06-002 and MS06-003. Read more

www.emailbattles.com:
Does Windows Patch Without Permission? Read more

blogs.securiteam.com:
Knowing When To Run: Cutting Loose From The Little Blue E. Read more

blogs.securiteam.com:
The Big Bad Empire: Putting Old Code to Bed. Read more

www.neoava.com:
Malware Action Detection and Protection. Read more

ddanchev.blogspot.com:
Why we cannot measure the real cost of cybercrime? Read more

itmanagement.earthweb.com:
How to Improve on Wireless Security. Read more

compnetworking.about.com:
Using an Unsecured Wireless Network. Read more

www.technewsworld.com:
New PC? How to Set Up a Safe, Secure System. Read more

searchsecurity.techtarget.com:
End of spam, phishing threats not far off. Read more

 

News
www.techworld.com:
Microsoft patches two critical holes. Read more

www.securityfocus.com:
Resort loses 50,000 identities. Read more

www.theregister.co.uk:
Malware on tap scheme draws flak. Read more

blogs.washingtonpost.com:
Clam Antivirus Vulnerability. Read more

itmanagement.earthweb.com:
Top Five Security Threats for 2006. Read more

www.vnunet.com:
Linux 'attracting more virus writers'. Read more

www.theregister.co.uk:
Dodgy anti-spyware firms to cough up $2m. Read more

www.theinquirer.net:
Hackers attack ebaumsworld. Read more

business.newsforge.com:
Why Microsoft is trying to debunk legacy Linux. Read more

www.cio-today.com:
By Law: Catching Up with Malware. Read more

www.theregister.co.uk:
Man sues over chatroom humiliation. Read more

10 January 2006

Guides, Papers, etc
Malware � future trends by Dancho Danchev. Read more

www.benedelman.org:
180's Newest Installation Practices. Read more

www.securityfocus.com:
Patching a broken Windows. Read more

blogs.securiteam.com:
The Big Bad Empire: Putting Old Code to Bed. Read more

windowsconnected.com:
Will My Applications Work on Windows Vista? Read more

www.useit.com:
Search Engines as Leeches on the Web. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Vulnerability in Graphics Rendering Engine Allows Remote Code Execution (MS06-001). Read more

www.debian.org:
DSA-934-1 pound -- several vulnerabilities. Read more

www.debian.org:
DSA-933-1 hylafax -- arbitrary command execution. Read more

www.debian.org:
DSA-932-1 kdegraphics -- buffer overflows. Read more

www.debian.org:
DSA-931-1 xpdf -- buffer overflows. Read more

www.debian.org:
DSA-930-1 smstools -- format string attack. Read more

www.debian.org:
DSA-929-1 petris -- buffer overflow. Read more

 

News
www.techworld.com:
Two new Windows bugs found. Read more

blogs.technet.com:
Information on new WMF Posting. Read more

software.silicon.com:
Microsoft to hunt 'new species' of bugs. Read more

news.com.com:
Create an e-annoyance, go to jail. Read more

www.fcw.com:
SANS: Popular certifications don't ensure security. Read more

www.securityfocus.com:
Sony settlement gets judge's nod. Read more

www.securityfocus.com:
Sober virus plummets. Read more

software.silicon.com:
Shut down Sober-infected PCs, ISPs urged. Read more

www.theregister.co.uk:
Security flaws on the rise, questions remain. Read more

english.aljazeera.net:
China blog censorship condemned. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Another rogue Google site. Read more

www.marketwatch.com:
Google is more foe than friend. Read more

09 January 2006

Guides, Papers, etc
searchopensource.techtarget.com:
Masked malware, VM and Linux attacks coming in 2006. Read more

blogs.securiteam.com:
WMF Exploitation FAQ. Read more

blogs.securiteam.com:
Cross Site Request Forgery. Read more

media0.libsyn.com:
SpoitCast. Discussion is the WMF exploit. The speakers are Harrison Holland, Jonathan Goldsboro, and Rob. Download

deadtroll.com:
The Sysadmin Song. Watch

nymag.com:
Bill Gates, The Softening of a Software Man. Read more

www.cio-today.com:
Microsoft CIO Ron Markezich: The Ultimate Beta Tester. Read more

www.kottke.org:
50 Fun Things to Do With Your iPod. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
VMware Workstation: Vulnerability in NAT networking. Read more

blogs.securiteam.com:
WINE vulnerable to WMF vulnerability. Read more

securitytracker.com:
SimpBook Input Validation Hole in Message Posting Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
TheWebForum Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service. Read more

securitytracker.com:
mod_auth_pgsql Format String Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ADN Forum Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Xlpd Can Be Crashed By Remote Users. Read more

securitytracker.com:
Apple AirPort Base Station Lets Remote Users Deny Service on the Network Interface. Read more

securitytracker.com:
Blue Coat WinProxy Telnet Proxy Can Be Crashed By Remote Users. Read more

securitytracker.com:
Blue Coat WinProxy Host Header Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenBSD Kernel dupfdopen() Bug May Let Local Users Re-open Files With Elevated Privileges. Read more

securitytracker.com:
TinyPHPForum Bugs Let Remote Users Obtain Information and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Lizard Cart CMS Missing Input Validation in 'id' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Linux Kernel sysctl() Interface Unregistration Error Lets Local Users Deny Service. Read more

securitytracker.com:
Linux Kernel Interleaving Bug Lets Local Users Deny Service. Read more

securitytracker.com:
raSMP Input Validation Flaw in HTTP User-Agent Field Permits Cross-Site Scripting Attacks. Read more

 

News
www.interfax.cn:
US start-up accused of hacking private information from top Chinese friend finder site. Read more

www.itnews.com.au:
IM worm makes new use of old techniques. Read more

www.revenews.com:
Adware & Rootkits Continue to Move through Instant Messenger: 180 Solutions Involved Again. Read more

news.bbc.co.uk:
The great firewall of China. Read more

www.appsecinc.com:
New Oracle Voyager Worm Variant. Read more

www.iht.com:
Microsoft's shutdown of Chinese blog is condemned. Read more

www.usdoj.gov:
Man Pleads Guilty to Infecting Thousands of Computers Using Worm Program then Launching them in Denial of Service Attacks. Read more

www.techworld.com:
Safari and Firefox gain on Explorer. Read more

news.bbc.co.uk:
The million-dollar student. Read more

07 January 2006

Guides, Papers, etc
www.computerworld.com:
Q&A: Microsoft exec explains the early WMF patch release. Read more

blogs.securiteam.com:
Did Microsoft pull an Ilfak? Microsoft�s patch under a magnifying glass. Read more

isc.sans.org:
It is all about the risk. Read more

recon.cx:
RECON 2006 - Call for papers - 06/01/06 Read more

www.vitalsecurity.org:
IM Hackers distribute Rootkit and...Rootkit Revealer?! Read more

pferrie.tripod.com:
Inside The Microsoft Script Encoder. Read more

www.securityfocus.com:
Security flaws on the rise, questions remain. Read more

blogs.msdn.com:
MakeMeAdmin -- temporary admin for your Limited User account. Read more

moneycentral.msn.com:
How safe is your financial information? Read more

www.2-spyware.com:
SpywareStrike, a SpyAxe clone, may cause a new epidemic. Read more

www.pcworld.com:
Encrypt Your Wi-Fi. Read more

pferrie.tripod.com:
Idonus Virus Analysis. Read more

pferrie.tripod.com:
Criss-Cross Virus Analysis. Read more

 

News
lfpress.ca:
Sony's 'rootkit' opens massive can of worms. Read more

www.cnn.com:
Sony's balancing act. Read more

www.cantonrep.com:
Lake senior faces felony charge. Read more

www.securitypipeline.com:
Microsoft Leaves Windows 98, Me Users In Lurch Over Metafile Vulnerability. Read more

www.emailbattles.com:
The WMF Exploit Fix Is On Its Way For Windows 98 and ME. Read more

www.crn.com:
Patched Windows Bug Will Be Danger For Months. Read more

www.crn.com:
IM Worm Makes New Use Of Old Techniques. Read more

www.appsecinc.com:
New Oracle Voyager Worm Variant. Read more

news.zdnet.co.uk:
All quiet on the Sober front. Read more

techdirt.com:
Google's Copy Protection: Supplying The Tools For Others To Be Evil. Read more

www.spamdailynews.com:
Why Viagra spam floods your mailbox. Read more

today.reuters.com:
Google to launch online video store. Read more

06 January 2006

Guides, Papers, etc
kareldjag.over-blog.com:
WINDOWS ROOTKITS FREE COUNTERMEASURES Part 1: Introduction to Rootkits. Read more

www.securityfocus.com:
Windows rootkits of 2005, part three. Read more

www.invisiblethings.org:
Detecting Windows Server Compromises with Patchfinder 2. Read more

www.securityfocus.com:
Security flaws on the rise, questions remain. Read more

www.windowsecurity.com:
HTTP Tunnels. Read more

ddanchev.blogspot.com:
How to secure the Internet. Read more

www.networkingpipeline.com:
The Top Five Google Rumors. Read more

www.spamroll.com:
US-CERT needs to learn how to count. Read more

www.it-observer.com:
You can�t manage what you can�t see! Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Blue Coat WinProxy Telnet DoS Vulnerability. Read more

securitytracker.com:
Open-Xchange Web Mail Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

News
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919). Read more

blogs.securiteam.com:
Microsoft to release �official� WMF patch - TODAY [updated]. Read more

blogs.securiteam.com:
Did Microsoft pull an Ilfak? Microsoft�s patch under a magnifying glass. Read more

blogs.technet.com:
Mike Nash on the Security Update for the WMF Vulnerability. Read more

blogs.securiteam.com:
Microsoft, patches and what we really learned from the WMF 0day. Read more

www.informationweek.com:
Making Sense Of Conflicting Information. Read more

blogs.washingtonpost.com:
Fake Anti-Spyware Makers Settle Fraud Charges. Read more

www.theregister.co.uk:
Spear phishers target eBay. Read more

software.silicon.com:
Spammer must pay $11bn to ISP. Read more

05 January 2006

Guides, Papers, etc
blogs.securiteam.com:
Interview: Ilfak Guilfanov. Read more

www.securityfocus.com:
Zero-day holiday. Read more

www.honeynet.org:
Towards a Third Generation Data Capture Architecture for Honeynets. Read more

www.2600.com:
"Off The Hook" January 4, 2006. Listen

 

Tools:
www.irongeek.com:
Counter WMF Exploit with the WMF Exploit. Read more

www.security-projects.com:
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. Read more

www.bitdefender.com:
LinuxDefender Live! CD is a BitDefender re-mastered Knoppix distribution. It was designed to provide users of both Windows and Linux computers with virus incident rescue tools. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
WinRAR Filename Buffer Overflow. Read more

securitytracker.com:
eFileGo Input Validation Bug Lets Remote Users Deny Service, View Files, and Execute Arbitrary Commands. Read more

securitytracker.com:
IBM AIX getcommand/getshell Commands Disclose Contents of Shell Files to Local Users. Read more

securitytracker.com:
BlackBerry Web Browser Bug in Processing JAD Files Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
Pre-release WMF patch leaked to Web. Read more

www.theregister.co.uk:
Sober up as Christmas viruses spiral. Read more

www.securitypipeline.com:
Experts Clash Over Third-Party Windows Metafile Patch. Read more

arstechnica.com:
Windows XP Home: obsolete sooner than you expect. Read more

business.timesonline.co.uk:
Hackers uncover 'biggest Microsoft vulnerability'. Read more

software.silicon.com:
Sober attack shouldn't bite, say antivirus experts. Read more

news.bbc.co.uk:
Gates promises Windows everywhere. Read more

today.reuters.com:
Gates sees IBM not Google as top Microsoft rival. Read more

news.ft.com:
CES blog: Don�t write Microsoft off. Read more

www.redherring.com:
McAfee Settles Fraud Charges. Read more

04 January 2006

Guides, Papers, etc
www.sysinternals.com:
The Antispyware Conspiracy. Read more

SANS Internet Storm Center:
WMF workarounds and patches. Read more

www.us-cert.gov:
Cyber Security Bulletin 2005 Summary. Read more

channel9.msdn.com:
Video: Going deep inside Windows Vista's kernel architecture. Read more

www.windowsecurity.com:
Implementing EFS in a Windows Server 2003 Domain. Read more

www.eweek.com:
How Serious Is the WMF Vulnerability? Read more

 

Tools:
Download WMF vulnerability hotfix. Read more

 

Vulnerabilities & Exploits
evuln.com:
inTouch Authentication Bypass. Read more

 

News
software.silicon.com:
Windows flaw spawns flurry of attacks. Read more

www.securityfocus.com:
Patch for WMF bug slated for next week. Read more

www.theregister.co.uk:
Windows users waiting for serious fix. Read more

www.eweek.com:
Microsoft: Beware of Third-Party WMF Patch. Read more

www.theregister.co.uk:
World+dog scrambles to fight Windows flaw. Read more

news.softpedia.com:
The WMF Exploit Makes All Images Potential Risks but Has No Effect on Macs. Read more

software.silicon.com:
Windows flaw spawns flurry of attacks. Read more

news.com.com:
Ouch! Microsoft spanked on security assessment. Read more

www.technewsworld.com:
Attack Vulnerability Worries Windows Users. Read more

software.silicon.com:
BlackBerry users warned over malicious images. Read more

www.boingboing.net:
Outspoken Chinese blogger censored by Microsoft. Read more

searchsecurity.techtarget.com:
Will Sober strike this Thursday? Read more

www.techworld.com:
Sony coughs up for rootkit disaster. Read more

www.eff.org:
Florida AG's Office Enters Sony BMG DRM Fray. Read more

www.theregister.co.uk:
Data security moves front and center in 2005. Read more

www.theregister.co.uk:
Domain scam duo fined AU$2.3m. Read more

news.com.com:
Skype targets mainstream consumers. Read more

www.theregister.co.uk:
Music sales slide despite RIAA's crushing blows against piracy. Read more

03 January 2006

Guides, Papers, etc
blogs.technet.com:
Conscientious Risk Management and WMF. Read more

isc.sans.org:
WMF FAQ (NEW). Read more

www.imperva.com:
How safe is it out there? Read more

www.spamroll.com:
The SSL "lock" doesn't mean you're safe. Read more

www.it-observer.com:
What are Rootkits? Read more

www.cs.ucsb.edu:
Detecting Kernel-Level Rootkits Through Binary Analysis. Read more

blogs.securiteam.com:
Eat your own dog food, or you�ll end up eating�Read more

blogs.securiteam.com:
Inciting Fear for Fun and Profit. Read more

www.felinemenace.org:
Exploiting Uninitialized Data Bugs. Download

www.cs.ucdavis.edu:
The Essence of Command Injection Attacks in Web Applications. Read more

www.cs.ucsb.edu:
Detecting Malicious JavaScript Code in Mozilla. Read more

www.cs.ucsb.edu:
Detecting Malicious Java Code Using Virtual Machine Auditing. Read more

glide.stanford.edu:
Static Detection of Security Vulnerabilities in Scripting Languages. Read more

www.cs.ucsb.edu:
A multi-model approach to the detection of web-based attacks. Read more

www.codebreakers-journal.com:
VX Reversing II, Sasser.B. Read more

 

News
news.ft.com:
Windows PCs face �huge� virus threat. Read more

www.securityfocus.com:
Worries increase over WMF flaw. Read more

www.websensesecuritylabs.com:
Informational Alert: WMF Infected Site Examples. Read more

blog.ziffdavis.com:
Researchers Dispute Which Windows Versions Are Vulnerable. Read more

www.playfuls.com:
Panda Discovers Hacking Tool for Camouflaging Threats in WMFs. Read more

www.informationweek.com:
Sad State Of Data Security. Read more

www.techworld.com:
EU law used to beat spammers. Read more

02 January 2006

Guides, Papers, etc
www.hexblog.com:
WMF Vulnerability Checker. Read more

isc.sans.org:
Trustworthy Computing. Read more

blogs.securiteam.com:
The Lesson of WMF. Read more

www.f-secure.com:
It's not a bug, it's a feature. Read more

www.infectionvectors.com:
Microsoft Time to Exploit: September to December 2005. Read more

www.livejournal.com:
WiFi Worm. Read more

 

News
www.computerworld.com:
Risk of Windows WMF attacks jumps 'significantly,' security firm warns. Read more

www.spectrum.ieee.org:
Antipiracy Software Opens Door to Electronic Intruders. Read more

www.cfo.com:
Hackers Find Backers. Read more

seattletimes.nwsource.com:
Spyware's bad; free software to fight it is good. Read more

www.linux-watch.com:
Why should you dump Windows for Linux? Read more

www.msnbc.msn.com:
Woman says intruder left porn on her computer. Read more

01 January 2006

Happy New Year!

Descriptions of 140 Trojans added to The Archive. Read more

 

Guides, Papers, etc
isc.sans.org:
2nd generation WMF 0day Expliot Spammed (NEW). Read more

www.hexblog.com:
Windows WMF Metafile Vulnerability HotFix. Read more

www.cgisecurity.com:
Application Security Predictions For The Year 2006. Read more

www.windowsecurity.com:
The Different Shades of Hackers. Read more

www.sysinternals.com:
Sony Settles. Read more

www.usatoday.com:
Ready access to info means smarts or stress? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
BlackBerry Enterprise Server Router Component Lets Remote Users Deny Service. Read more

securitytracker.com:
Blackberry Attachment Service Can Be Crashed By Remote Users With Malformed TIFF Files. Read more

securitytracker.com:
PTnet IRCD Lets Remote Users Consume All Available Memory. Read more

 

News
www.f-secure.com:
New WMF exploit attacks via email. Read more

sunbeltblog.blogspot.com:
New WMF exploit confirmed in spam attacks. Read more

blogs.washingtonpost.com:
New Exploit for Unpatched Windows Flaw. Read more

blogs.securiteam.com:
Xanga Hit By Script Worm. Read more

arstechnica.com:
Microsoft Teams Up With Japanese VoIP Carrier. Read more

arstechnica.com:
RIAA lawyers bully witnesses into perjury. Read more

arstechnica.com:
China declares war on Internet pornography. Read more


Copyright� MegaSecurity.org