News May 2007
31 May 2007

Guides, Papers, etc
blogs.securiteam.com:
Soloway: Another spammer bites the dust. Read more

blogs.securiteam.com:
Targeted or not targeted? Read more

www.securityfocus.com:
Security Analogies. Read more

www.f-secure.com:
Security patch for our products. Read more

isc.sans.org:
An inside look at a targeted attack. Read more

www.symantec.com:
Calculating the Risk of Infection. Read more

www.symantec.com:
Tax Phraud. Read more

www.symantec.com:
Social Bookmarking and Malicious Websites. Read more

ddanchev.blogspot.com:
The WebAttacker in Action. Read more

www.wired.com:
Don't Look a Leopard in the Eye, and Other Security Advice. Read more

www.darkreading.com:
How to Stop Political Attacks. Read more

www.darkreading.com:
Bug Disclosures Decline. Read more

www.darkreading.com:
Monty Python's Flying Backup. Read more

www.eweek.com:
Are Big AV Vendors Falling Behind? Read more

www.technologyreview.com:
Better Face-Recognition Software. Read more

www.infoworld.com:
Password-cracking challenge update: second password revealed. Read more

www.usenix.org:
The Ghost In The Browser Analysis of Web-based Malware. Read more

aolradio.podcast.aol.com:
Audio: TWiT 99: Happy Towel Day. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
F-Secure Policy Manager fsmsh.dll Lets Remote Users Deny Service With NTFS Reserved Words. Read more

securitytracker.com:
F-Secure Anti-Virus Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges. Read more

securitytracker.com:
F-Secure Internet Gatekeeper Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Internet Security Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Quagga bgpd Server Can Be Crashed By Remote Users. Read more

securitytracker.com:
file Integer Overflow in file_printf() May Let Local Users Execute Arbitrary Code. Read more

securitytracker.com:
Tomcat JK Connector May Let Remote Users Access Restricted Resources. Read more

securitytracker.com:
AntiVir Divide By Zero Error in Processing TAR Files Lets Remote Users Deny Service. Read more

securitytracker.com:
QuickTime for Java Lets Remote Users Obtain Information and Execute Arbitrary Code. Read more

securitytracker.com:
Solaris in.iked Can Be Crashed By Remote Users. Read more

securitytracker.com:
Solaris inetd Can Be Shutdown By Local Users. Read more

 

Tools:
blog.wired.com:
First Look: Microsoft Milan Surface Computer -- A Table That Knows What's On It. Read more

 

News
www.securityfocus.com:
Insecure plug-ins pose danger to Firefox users. Read more

security.itworld.com:
F-Secure hit with antivirus vulnerabilities. Read more

seattletimes.nwsource.com:
Spammer once sued by Microsoft is arrested in Seattle. Read more

www.securityfocus.com:
Google secures GreenBorder in quiet buy. Read more

www.theregister.co.uk:
Germany declares hacking tools 'verboten'. Read more

www.baselinemag.com:
Cyberwar: Is This The First Salvo? Read more

news.com.com:
Mass deletion sparks LiveJournal revolt. Read more

arstechnica.com:
Apple hides account info in DRM-free music, too. Read more

www.reuters.com:
Google takes big step to make Web work offline. Read more

arstechnica.com:
Facial recognition slipped into Google image search. Read more

news.bbc.co.uk:
When Bill met Steve... Read more

30 May 2007

Guides, Papers, etc
isc.sans.org:
Virus detection - vector vs. payload. Read more

isc.sans.org:
Quicktime Security Update for 7.1.6 (Yes, really!). Read more

blogs.securiteam.com:
Bad bunny - first OpenOffice virus and it's crossplatform! Read more

www.f-secure.com:
Should police hack? Read more

www.avertlabs.com:
On YouTube, Data-mining, & Invasion of Privacy. Read more

www.symantec.com:
Social Bookmarking and Malicious Websites. Read more

ddanchev.blogspot.com:
The Revenge of the Waitress. Read more

ddanchev.blogspot.com:
Reverse Engineering the ANI Vulnerability. Read more

ddanchev.blogspot.com:
Google Hacking for Vulnerabilities. Read more

www.darkreading.com:
New Laws Don't Solve Global Problems. Read more

www.darkreading.com:
Fed Workers Still in the Dark. Read more

www.darkreading.com:
Security With a Native Touch. Read more

www.crn.com:
Review: Vista, XP Users Equally At Peril To Viruses, Exploits. Read more

news.bbc.co.uk:
A decade of online banking - and online fraud. Read more

www.spidynamics.com:
Preventing Google Hacking. Read more

blogs.securiteam.com:
In memory of Michael Lowery. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
AntiVir Divide By Zero Error in Processing UPX Packed Files Lets Remote Users Deny Service. Read more

moaxb.blogspot.com:
MoAxB #29: EDraw Office Viewer Component (edrawofficeviewer.ocx v. 4.0.5.20) Denial of Service Exploit. Read more

moaxb.blogspot.com:
MoAxb #28: EDraw Office Viewer Component (edrawofficeviewer.ocx v. 4.0.5.20) Unsafe Method Vulnerability. Read more

 

Tools:
www.securitypark.co.uk:
Full security suite on a USB stick. Read more

 

News
www.theregister.co.uk:
Google acquires 'sandbox' technology for secure browsing. Read more

blog.wired.com:
Google, Yahoo, Facebook Extensions Put Millions of Firefox Users At Risk. Read more

www.0x000000.com:
Breaking News: Files From Google On the Streets. Read more

www.wired.com:
Which ISPs Are Spying on You? Read more

www.theregister.co.uk:
Pentagon: China threatens space and cyberspace. Read more

www.itnews.com.au:
US claims China has online army 'ready to strike'. Read more

www.computerworlduk.com:
Germany leads the way with tough anti-hacking law. Read more

www.theregister.co.uk:
Sophos apologises for going legal on school techies. Read more

www.theregister.co.uk:
Peer-to-peer networks co-opted for DOS attacks. Read more

www.theregister.co.uk:
Google faces multiple privacy probes. Read more

www.theregister.co.uk:
Tiscali coughs to spam blacklisting after a week without email. Read more

www.theregister.co.uk:
Microsoft waves in Minority Report-style computing era. Read more

29 May 2007

Guides, Papers, etc
blogs.technet.com:
The Case of the Unknown Autostart. Read more

blogs.securiteam.com:
What's Behind the BBB Phishing Emails? Read more

www.secureworks.com:
BBB Phishing Trojan. Read more

www.2-spyware.com/:
Skype worms evolving. Read more

www.f-secure.com:
'Microsoft Support' has something very important to say. Read more

didierstevens.wordpress.com:
Find Madeleine. Read more

isc.sans.org:
Apple Security Update 2007-005. Read more

www.symantec.com:
The Danger of Speling Mistakes. Read more

www.mgmt.purdue.edu:
Spam Works: Evidence from Stock Touts and Corresponding Market Activity. Read more

www.avertlabs.com:
Are Spammers Giving Up on Image Spam? Read more

blogs.authentium.com:
Some More Spam Issues. Read more

www.securitycadets.com:
Another clone rogue - Dr. AntiSpy. Read more

www.sophos.com:
Phishing season still open in New Zealand. Read more

www.darkreading.com:
Fed Workers Still in the Dark. Read more

www.darkreading.com:
Microsoft Takes Aim at Endpoint. Read more

www.darkreading.com:
Wireless: Fix, Not Flaw. Read more

www.darkreading.com:
Blogging With Security. Read more

www.darkreading.com:
Trust Exercise. Read more

didierstevens.wordpress.com:
Hiding Inside a Rainbow, Part 2. Read more

www.computerworld.com:
Hacking Firefox: The secrets of about:config. Read more

www.podtrac.com:
Security Now 93: Software Patents. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
AntiVir Buffer Overflow in Processing LZH Files Lets Remote Users Execute Arbitrary Code. Read more

moaxb.blogspot.com:
MoAxB #27: LeadTools Raster ISIS Object (LTRIS14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit. Read more

moaxb.blogspot.com:
MoAxB #26: LeadTools Raster OCR Document Object Library (ltrdc14e.dll v. 14.5.0.44) Remote Memory corruption Exploit. Read more

 

Tools:
www.email-unlimited.com:
Verify Email Address Online. Read more

 

News
www.securityfocus.com:
Peer-to-peer networks co-opted for DOS attacks. Read more

www.securityfocus.com:
BBB Trojan nabs more than 1,400 victims. Read more

www.theregister.co.uk:
Pirates Trojan keel-hauls surfers. Read more

www.pcadvisor.co.uk:
China develops cyberwarfare viruses. Read more

www.cio.in:
Internet Bankers Adopt More Online Security Methods. Read more

news.bbc.co.uk:
UK database theft hurts customers. Read more

www.terra.net.lb:
Hong Kong cracks down on spam. Read more

www.nytimes.com:
Millions of Addresses and Thousands of Sites, All Leading to One. Read more

26 May 2007

Guides, Papers, etc
www.theregister.co.uk:
Gone phishing with eBay. Read more

isc.sans.org:
Better Business Bureau targeted malware spam. Read more

sunbeltblog.blogspot.com:
Massive Italian typosquatting ring foists malware on users. Read more

www.avertlabs.com:
Are Spammers Giving Up on Image Spam? Read more

www.itwire.com.au:
ISPs should take lead in Internet security. Read more

www.itsecurity.com:
Is Security a Solvable Problem? Read more

www.eweek.com:
The Google Crapplet. Read more

www.pbs.org:
The Final Days of Google: It is going to be an inside job. Read more

www.cio.com:
Eight Sound Reasons Not to Use MySQL. Read more

www.darkreading.com:
Wireless: Fix, Not Flaw. Read more

www.darkreading.com:
Trust Exercise. Read more

ha.ckers.org:
Email Address Obfuscation Woes. Read more

www.podtrac.com:
Audio: Security Now 93: Software Patents. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Java System Web Proxy Server Buffer Overflows in 'sockd' Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Solaris NFS Client Module acl(2) Lets Remote Users Deny Service. Read more

securitytracker.com:
Nortel Meridian CS 1000 Lets Remote Users Deny Service. Read more

securitytracker.com:
Mac OS X vpnd Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Mac OS X pppd Plugin Loading Feature Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Mac OS X Buffer Overflow in mDNSResponder Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X Alias Manager May Allow Users to Cause Arbitrary Code to Be Executed by the Target User. Read more

securitytracker.com:
Symantec Enterprise Security Manager Race Condition Lets Remote Users Cause the Service to Hang. Read more

securitytracker.com:
Apple iChat Buffer Overflow in UPnP IGD Protocol Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple Crontab Cleanup Script Lets Local Users Deny Service. Read more

securitytracker.com:
Apple CoreGraphics Integer Overflow in Processing PDF Files Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Apple plugs 17 flaws in latest update. Read more

www.theregister.co.uk:
MS update patches patching. Read more

blog.washingtonpost.com:
Cyber Crooks Hijack Activities of Large Web-Hosting Firm. Read more

www.vnunet.com:
Better Business spam hides Trojan. Read more

www.vnunet.com:
Pirates of the Caribbean spam ships Trojan. Read more

australianit.news.com.au:
Bloggers beat Great Firewall. Read more

news.com.com:
Security Bites Podcast: Skype worm jumps apps. Read more

www.smh.com.au:
Prolific Turkish hacker targets Aussie sites. Read more

www.securityfocus.com:
BBB spam attack gets personal. Read more

www.theregister.co.uk:
Google plays cat and mouse with regulators. Read more

news.bbc.co.uk:
Google queried on privacy policy. Read more

www.heise-security.co.uk:
Germany passes Anti-Hacking laws. Read more

www.theregister.co.uk:
Your space, MySpace, everybody's space. Read more

www.ft.com:
EU probes Google grip on data. Read more

www.infoworld.com:
Microsoft sues alleged stock scammers. Read more

www.theregister.co.uk:
'Partial nudity' said to hinder M-rated Halo 2 release. Read more

24 May 2007

Guides, Papers, etc
blogs.securiteam.com:
Right-clicking can be dangerous too - the Opera way. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Extremely dangerous Better Business Bureau spam with malware. Read more

www.pcmag.com:
AV-Test.org Reports Stats from Antivirus Roundup. Read more

determina.blogspot.com:
Video: Google Talk. Read more

podcasts.mcafee.com:
Audio: AudioParasitics Episode 6. Rootkits and rootkit components. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 7. Vulnerability disclosure and bounty programs. Listen

isc.sans.org:
Auscert day 3 update. Read more

ddanchev.blogspot.com:
Jihadists' Anonymous Internet Surfing Preferences. Read more

www.eweek.com:
What's So Hard To Understand About MOICE? Read more

www.sophos.com:
Fundamental flaw in all operating systems! Read more

www.avertlabs.com:
MS Overexposure Studio 2010? Read more

windowshelp.microsoft.com:
Internet Explorer 7 offers improved security and productivity. Read more

www.darkreading.com:
New Spec Could Cut Phishing, Spam. Read more

www.darkreading.com:
Startup to Ship Sweetened Honeypot. Read more

www.darkreading.com:
Spyware Hides in Plain Sight. Read more

www.darkreading.com:
Threats to Watch Out For. Read more

searchsecurity.techtarget.com:
When Microsoft Vista and VPNs don't mix. Read more

 

Vulnerabilities & Exploits
www.opera.com:
Advisory: Malicious torrent files can execute arbitrary code in Opera. Read more

sc.sans.org:
cisco crypt lib vulnerability. Read more

securitytracker.com:
Citrix Presentation Server Session Reliability Flaw Lets Remote Users Bypass Security Policy Restrictions. Read more

moaxb.blogspot.com:
MoAxB #24: LeadTools Raster Dialog File Object (LTRDF14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit. Read more

 

Tools:
news.zdnet.co.uk:
32GB solid state disk comes to UK notebooks. Read more

 

News
www.computerworld.com:
Unpatched Symantec flaw leads to U. of Colorado breach. Read more

www.scmagazine.com:
Hackers exploit unpatched flaw, disabled firewall to access personal info of 45,000 University of Colorado students. Read more

www.securityfocus.com:
OpenOffice virus reaches across platforms. Read more

www.theregister.co.uk:
Network security vulns keep sysadmins busy. Read more

www.theregister.co.uk:
Drive-by Wi-Fi 'thief' heavily fined. Read more

www.theregister.co.uk:
Symbian signing is no protection from spyware. Read more

www.websense.com:
Malicious Web site / Malicious Code: Audi's Taiwan site compromised. Read more

www.vnunet.com:
Clock ticking on 1024-bit encryption safety. Read more

www.gamealmighty.com:
Jack Thompson Sues Microsoft. Read more

money.cnn.com:
The man who owns the Internet. Read more

www.boingboing.net:
Man who claims FBI is after him puts entire life online. Read more

23 May 2007

Guides, Papers, etc
www.microsoft.com:
Microsoft Security Advisory (927891). Read more

blog.opendns.com:
Google turns the page... in a bad way. Read more

www.smh.com.au:
Computer security has 'massively failed'. Read more

ha.ckers.org:
.bank TLD. Read more

www.woodtv.com:
A wireless felony. Read more

blogs.ittoolbox.com:
FBI: Encryption Really Pisses Us Off. Read more

video.google.com:
Video: Reverse engineering techniques to find security bugs: A case study of the ANI. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
RSA BSAFE ASN.1 Parsing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco IOS ClientHello, ChangeCipherSpec, and Finished SSL Messages Let Remote Users Deny Service. Read more

securitytracker.com:
GIMP Buffer Overflow in Processing Sun RAS Files Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.hstoday.us:
Google Wants Still More Personal Data on its Users. Read more

www.securityfocus.com:
MySpace, AGs in deal over sex-offender data. Read more

www.theregister.co.uk:
Malware targets OpenOffice users. Read more

apcmag.com:
First OpenOffice virus emerges. Read more

www.theregister.co.uk:
Amnesty Int to hold web censorship conference. Read more

www.theregister.co.uk:
Telegraph floored by DDoS attack. Read more

yodel.yahoo.com:
One small step for email, one giant leap for Internet safety. Read more

www.newscientisttech.com:
New software can identify you from your online habits. Read more

www.itnews.com.au:
Aussie's still being scammed. Read more

www.wired.com:
Hack My Son's Computer, Please. Read more

22 May 2007

Guides, Papers, etc
www.benedelman.org:
Spyware Still Cheating Merchants and Legitimate Affiliates. Read more

csoonline.com:
The Scourge of Image Spam. Read more

www.darkreading.com:
Bugs With No Bite. Read more

www.darkreading.com:
Phoning It In. Read more

isc.sans.org:
Analyzing an obfuscated ANI exploit. Read more

isc.sans.org:
Opera fixes the torrent vulnerability. Read more

ddanchev.blogspot.com:
A Client Application for "Secure" E-banking? Read more

ddanchev.blogspot.com:
A Malware Loader For Sale. Read more

www.avertlabs.com:
Stats from the bulk emailer. Read more

www.computerworld.com:
Flood of Virus Alerts Is a Test of Processes. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Opera Buffer Overflow in Processing Torrent Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FreeType Integer Overflow in TT_Load_Simple_Glyph() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IPsec-Tools isakmp_info_recv() Function Lets Remote Users Deny Service. Read more

moaxb.blogspot.com:
MoAxB #22: LeadTools ISIS Control (ltisi14E.ocx v. 14.5.0.44) Remote Buffer Overflow Exploit. Read more

 

News
www.securityfocus.com:
TJX: Breach cost company $17 million to date. Read more

www.newsfactor.com:
Google: Malware Runs Rampant on the Web. Read more

computerworld.com.sg:
New and 'improved' Gozi Trojan version on the loose. Read more

www.siliconrepublic.com:
MySpace to give up sex offenders' details. Read more

www.theregister.co.uk:
Symbian malware escapes Russia. Read more

www.sophos.com:
BadBunny seen in "the wild"? OpenOffice multiplatform macro worm discovered. Read more

www.theregister.co.uk:
Norton's firewall not fiery enough. Read more

www.latimes.com:
Big firms aren't only ones hit by system hackers. Read more

www.ft.com:
Symantec software deletes PC files. Read more

21 May 2007

Guides, Papers, etc
www.robpaveza.net:
User-Prompted Elevation of Unintended Code in Windows Vista. Read more

www.sans.org:
Security Issues and countermeasure for VoIP. Read more

www.mitnicksecurity.com:
The Invisible Digital Man. Read more

ddanchev.blogspot.com:
Tricking a Laptop's Fingerprint Authentication. Watch

ddanchev.blogspot.com:
Commercializing Mobile Malware. Read more

www.darkreading.com:
Many Governments Censor Internet Content. Read more

msmvps.com:
Phishing and keyloggers. Read more

ha.ckers.org:
phishing with google (again). Read more

blogs.csoonline.com:
Zango to antispyware vendor: Watch what you say! Read more

www.avertlabs.com:
Trust is relative. Why would you trust a logo? Read more

sunbeltblog.blogspot.com:
TinyURL implements "Preview Feature". Read more

www.alex-ionescu.com:
Secrets of the Application Compatilibity Database (SDB) - Part 1. Read more

www.ecoustics.com:
Is It Really a Virus? Get a Second Opinion. Read more

 

Vulnerabilities & Exploits
labs.idefense.com:
Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in Select Critical Internet Infrastructure Applications. Read more

 

News
www.hardwarezone.com:
Bush Worm Dances its Way into Computers. Read more

www.virusbtn.com:
Zango sues PC Tools for $35 million. Read more

www.computerworld.com:
New and 'improved' Gozi Trojan version on the loose. Read more

www.smh.com.au:
Jail for BitTorrent bandit 'Big Crook'. Read more

www.cbsnews.com:
Exclusive: Los Alamos Breach Was Easy. Read more

19 May 2007

Guides, Papers, etc
www.computerworlduk.com:
Microsoft security patch booby traps IE7. Read more

www.f-secure.com:
And you can take that to the .bank. Read more

www.viruslist.com:
Mobile device security 2007. Read more

www.2-spyware.com:
User-friendly malware control. Read more

www.darkreading.com:
Seven Habits of Highly Malicious Hackers. Read more

isc.sans.org:
Symantec AV problem on XP SP2 Simplified Chinese. Read more

www.sophos.com:
Fake digital camera order spam hits Australia. Read more

www.eweek.com:
Good News from ICANN. Read more

whitepapers.zdnet.co.uk:
From Viruses to Spyware: In the Malware Trenches with Small and Medium-size Businesses. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
VP-ASP Input Validation Hole in 'shopcontent.asp' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Vixie Cron Installation Permissions on Some Platforms Let Local Users Deny Service. Read more

ha.ckers.org:
Enumerate Windows Users In JS. Read more

moaxb.blogspot.com:
MoAxB #19: LeadTools Thumbnail Browser Control (lttmb14E.ocx v. 14.5.0.44) Remote Stack-Based Buffer Overflow. Read more

moaxb.blogspot.com:
MoAxB #20: LeadTools Raster Thumbnail Object Library (LTRTM14e.DLL v. 14.5.0.44) Remote Stack-Based Buffer Overflow. Read more

 

News
www.securityfocus.com:
Estonia gets respite from Web attacks. Read more

msmvps.com:
Julie Amero - god damn it, they've done it again. Read more

www.theregister.co.uk:
Adware firm sues over adware classification. Read more

www.theregister.co.uk:
Net censorship growing worldwide. Read more

www.slashgear.com:
Microsoft banning hacked consoles from Xbox live. Read more

18 May 2007

Guides, Papers, etc
isc.sans.org:
Dell Phish. Read more

www.avertlabs.com:
Potential for Good: "Month of X Bugs" Projects. Read more

blogs.ittoolbox.com:
And I thought I was patched! Read more

www.eweek.com:
Google Looks into the Exploit Thing. Read more

cryptogon.com:
High-Traffic Colluding Tor Routers in Washington, D.C., and the Ugly Truth About Online Anonymity. Read more

www.usnews.com:
Top Computer Crimes of 2007 (First Quarter). Read more

www.lightbluetouchpaper.org:
How quickly are phishing websites taken down? Read more

msmvps.com:
Will I be forced to use command line? The horrors... Read more

ha.ckers.org:
More On The .NET Request Validation Bypass. Read more

www.baselinemag.com:
New Security Survival Guide: How To Layer A Solid Defense. Read more

images.globalknowledge.com:
Ten Ways Hackers Breach Security. Read more

www.f-prot.com:
Slideshows for the presentations given at the International Antivirus Testing Workshop 2007. Read more

aolradio.podcast.aol.com:
Security Now 92: Your Questions, Steve's Answers 19. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
libpng PNG tRNS Chunk Processing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
MetaFrame Password Manager Lets Remote Authenticated Users View Their Own Secondary Passwords. Read more

securitytracker.com:
CA BrightStor ARCserve 'Mediasvr.exe' and 'caloggerd.exe' Can Be Crashed By Remote Users. Read more

securitytracker.com:
Adobe Version Cue Disables Mac OS X Firewall. Read more

moaxb.blogspot.com:
MoAxB #18: LeadTools JPEG 2000 COM Object (LTJ2K14.ocx v. 14.5.0.35) Remote Stack-Based Buffer Overflow. Read more

 

Tools:
www.extremetech.com:
Hitachi Deskstar 7K1000 Terabyte Hard Drive Review. Read more

 

News
www.networkworld.com:
Google Korea to censor search results. Read more

www.norwichbulletin.com:
Sentencing for substitute teacher postponed again. Read more

www.theregister.co.uk:
Grifters find rich pickings on social networking sites. Read more

www.theregister.co.uk:
Judge in tech trial says he 'doesn't know what a website is'. Read more

secunia.com:
28% of all detected applications are insecure. Read more

www.smh.com.au:
Study Finds 25 Countries Block Web Sites. Read more

abcnews.go.com:
Estonia: Ground Zero for World's First Cyber War? Read more

www.esecurityplanet.com:
Symantec Wants Pirates' Millions. Read more

17 May 2007

Guides, Papers, etc
isc.sans.org:
Scammers Use Social Networks for Increased Effectiveness. Read more

www.sophos.com:
Managed appliances explored in Sophos podcast. Read more

www.symantec.com:
When Good Intentions Go Bad. Read more

csoonline.com:
Image Spam: By the Numbers. Read more

ddanchev.blogspot.com:
Yet Another Malware Cryptor In the Wild. Read more

ddanchev.blogspot.com:
Corporate Espionage Through Botnets. Read more

www.darkreading.com:
Be Your Own War Driver. Read more

www.darkreading.com:
Security Vendor, Heal Thyself. Read more

www.darkreading.com:
Microsoft Meets Xbox Hacker. Read more

www.wired.com:
More Firefox Bloat? Say It Ain't So, Mozilla. Read more

ha.ckers.org:
Read Firefox Settings (PoC). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Norton Personal Firewall Buffer Overflow in ISAlertDataCOM ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Discovery Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information. Read more

securitytracker.com:
MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command. Read more

securitytracker.com:
Proventia Lets Remote Users Evade Detection With Certain Character Encodings. Read more

securitytracker.com:
Check Point Web Intelligence Lets Remote Users Evade Detection With Certain Character Encodings. Read more

securitytracker.com:
Mutt mutt_gecos_name() Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
HP Secure Shell Discloses User Account Names to Remote Users. Read more

securitytracker.com:
PoPToP Sequence and Dequeing Bugs Let Remote Users Deny Service. Read more

moaxb.blogspot.com:
MoAxB #17: Sienzo Digital Music Mentor (DMM) 2.6.0.4 (ltmm15.dll) Buffer Overflow Exploit. Read more

 

News
www.securityfocus.com:
Microsoft to give more early data on flaws. Read more

blogs.msdn.com:
Follow Up to Internet Explorer May 2007 Security Update. Read more

www.yle.fi:
DoS Attack on YLE Web Pages Eases. Read more

www.biosmagazine.co.uk:
Dell Lures Installing Trojan Horse. Read more

msmvps.com:
WARNING: "Dell online store" trojan emails. Read more

www.theregister.co.uk:
Google launches universal search. Read more

www.theregister.co.uk:
JavaScript in web browsers is new security weak spot. Read more

www.theregister.co.uk:
Slammer turns Florida election result into worm food. Read more

www.itnews.com.au:
Pirated software leaves firms open to hackers. Read more

www.theregister.co.uk:
Google free again to pump out porn thumbnails. Read more

www.theregister.co.uk:
MySpace stands firm on paedophile data pressure. Read more

www.physorg.com:
Microsoft: Why Not Use Your Phone as a Cheap PC? Read more

16 May 2007

Guides, Papers, etc
www.symantec.com:
Found Your Password on a Search Engine. Read more

www.schneier.com:
Is Penetration Testing Worth it? Read more

isc.sans.org:
Full-Width/Half-Width Unicode Bypasses HTTP Scanning. Read more

blogs.zdnet.com:
Why VPN can't replace Wi-Fi security. Read more

www.eweek.com:
Standards and the State of NAC. Read more

blogs.securiteam.com:
Gresham, Akerlof, and security (lack of) quality. Read more

www.theregister.co.uk:
Gone in 120 seconds: cracking Wi-Fi security. Read more

www.f-secure.com:
International Antivirus Testing Workshop. Read more

www.avertlabs.com:
Simple Security - Threats "In the Wild", ascertaining your true risk. Read more

www.darkreading.com:
Invisible Things Comes to Light. Read more

www.darkreading.com:
Up Close With David Maynor. Read more

www.darkreading.com:
IBM, Symantec Tackle Compliance. Read more

www.darkreading.com:
Bumpy Road Ahead. Read more

www.darkreading.com:
What Use Is an IPS? Read more

ha.ckers.org:
Malware Stats or Ghost in the Browser. Read more

ww.sunbelt-software.com:
DEFENDING AGAINST INTERNET WORMS. Read more

invisiblethings.org:
Virtualization - The Other Side of the Coin. Read more

podcasts.mcafee.com:
Audio: Episode 6 of AudioParasitics. In this episode Jim and I discuss rootkits, rootkit components as well as touch on detection and cleaning. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Jetbox CMS Lets Remote Users Inject E-mail to Send Arbitrary E-mail Messages via the System. Read more

securitytracker.com:
HP Systems Insight Manager Session Fixation Flaw Lets Remote Users Obtain Administrative Access. Read more

securitytracker.com:
Resin Bugs Lets Remote Users View Files, Determine the Installation Path, and Deny Service. Read more

securitytracker.com:
WebLogic Portal Input Validation Hole Permits Cross-Site Scripting Attacks and Entitlement Bug Lets Remote Users Access Resources. Read more

securitytracker.com:
BEA WebLogic Integration Directory Traversal Bug Lets Remote Users List Certain Directories. Read more

securitytracker.com:
BEA WebLogic Server Multiple Bugs Let Remote Users Deny Service, Gain Elevated Privileges. Read more

securitytracker.com:
Cisco Intrusion Prevention System Lets Remote Users Evade Detection With Certain Character Encodings. Read more

securitytracker.com:
Cisco IOS Firewall/IPS Feature Set Lets Remote Users Evade Detection With Certain Character Encodings. Read more

securitytracker.com:
Samba 'smb.conf' Scripts Input Validation Flaw Lets Remote Users Inject Arbitrary Commands. Read more

securitytracker.com:
Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Samba SID/Name Translation Bug Lets Local Users Gain Root Privileges. Read more

moaxb.blogspot.com:
MoAxB #16: IE 6 PrecisionID Barcode ActiveX 1.9 0day (PrecisionID_Barcode.dll) Denial of Service. Read more

moaxb.blogspot.com:
MoAxB #16 Bonus: IE 6 PrecisionID Barcode ActiveX 1.9 0day (PrecisionID_Barcode.dll) Remote Arbitrary File Overwrite. Read more

 

News
news.com.com:
New gang war raging on the Internet. Read more

www.securityfocus.com:
Read more

www.reuters.com:
MySpace deletes sex offender profiles. Read more

www.usatoday.com:
Citing privacy, MySpace won't give names of sex offenders. Read more

www.informationweek.com:
Linus Torvalds Responds To Microsoft Patent Claims. Read more

www.pcworld.com:
Cyber Security Bill Targets Botnets. Read more

news.netcraft.com:
Internet Passes 600,000 SSL Sites. Read more

www.theregister.co.uk:
Spammers stuff PlusNet email accounts (again). Read more

www.smh.com.au:
Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks. Read more

news.com.com:
N.Y. attorney general accuses Dell of fraud. Read more

15 May 2007

Guides, Papers, etc
www.viruslist.com:
Malware Miscellany, April 2007. Read more

isc.sans.org:
New Samba release fixes three important vulnerabilities. Read more

isc.sans.org:
Information security awareness videos. Read more

sunbeltblog.blogspot.com:
Unintended consequences. Read more

www.itpro.co.uk:
Expert warns of attacks on DNS servers. Read more

www.daniweb.com:
Battle of the botnets. Read more

ddanchev.blogspot.com:
XSS The Planet. Read more

didierstevens.wordpress.com:
"Is your PC virus-free? Get it infected here!" Read more

www.darkreading.com:
SSL VPN From Your Smartphone. Read more

www.darkreading.com:
Crypto Check. Read more

blogs.zdnet.com:
Do you know what's leaking out of your browser? Read more

www.symantec.com:
Companion Viruses for the 21st Century. Read more

myappsecurity.blogspot.com:
Reflection on Caleb Sima. Read more

www.theregister.co.uk:
How Google translates without understanding. Read more

www.networkcomputing.com:
Strategic Security Podcast. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
CommuniGate Pro Input Validation Hole in Style Tags Permits Cross-Site Scripting Attacks. Read more

moaxb.blogspot.com:
MoAxB #15: DB Software Laboratory DeWizardX (DEWizardAX.ocx) Remote Arbitrary File Overwrite. Read more

 

Tools:
www.endpointscan.com:
Online scanner for portable device usage. Read more

 

News
www.securityfocus.com:
Verizon plans to buy Cybertrust. Read more

www.securityfocus.com:
Pirate Bay breach leaks database. Read more

www.theregister.co.uk:
MySpace users snowed in by new blizzard of spam. Read more

washingtontimes.com:
Chinese hackers get the drop on fashion houses. Read more

news.zdnet.co.uk:
Malware latches onto Windows updates. Read more

www.itnews.com.au:
US brands milked for phishing emails. Read more

www.microsoft-watch.com:
Microsoft's Open Letter to Open Source. Read more

today.reuters.co.uk:
Thousands of sex offenders discovered on MySpace. Read more

www.skypejournal.com:
UK: Paedophiles use Skype to find and pursue likely targets. Read more

today.reuters.co.uk:
eBay condemned for allowing "rampant" ivory trade. Read more

www.wired.com:
Linkin Park's Mysterious Cyberstalker. Read more

www.bloginfosec.com:
Kevin Mitnick in Playboy Magazine. Read more

14 May 2007

Guides, Papers, etc
blogs.securiteam.com:
From broadband routers insecurity to significance of what we do. Read more

isc.sans.org:
Interesting German pump-and-dump spam. Read more

isc.sans.org:
BEA 10 users, May 14 may not be your day. Read more

blogs.ittoolbox.com:
Why Security Pros Use Macs. Read more

 

Vulnerabilities & Exploits
michaeldaw.org:
WordPress 2.1.3 Akismet Vulnerability. Read more

seclists.org:
Design Flaw in Deutsche Telekom Speedport w700v broadband router. Read more

moaxb.blogspot.com:
MoAxB #13: ID Automation Linear Barcode ActiveX Control (IDAutomationLinear6.dll) v. 1.6.0.5 DoS. Read more

 

News
www.theregister.co.uk:
One in 10 web pages laced with malware - Google. Read more

www.computerworld.com.sg:
Cisco says FTP feature in IOS can provide hacker backdoor. Read more

www.theaustralian.news.com.au:
Nigerian scam victims keep sending money. Read more

money.cnn.com:
Microsoft takes on the free world. Read more

www.itnews.com.au:
Cyber-fraudsters bookmark e-gold. Read more

12 May 2007

Guides, Papers, etc
blogs.technet.com:
WinHEC, TechEd and MSDRT. Read more

blogs.securiteam.com:
Broadband routers and botnets - being proactive. Read more

www.avertlabs.com:
China Growing Rapidly as Crimeware Host. Read more

www.symantec.com:
Malware Update with Windows Update. Read more

www.f-secure.com:
Just because it's Signed doesn't mean it isn't spying on you. Read more

www.virusbtn.com/:
Phishing techniques and technology revealed. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Spam bots. Read more

blogs.pandasoftware.com:
Zunker Bot. Read more

isc.sans.org:
BEA 10 users, May 14 may not be your day. Read more

isc.sans.org:
Nokia Intellisync Mobile Suite. Read more

blogs.msdn.com:
New File Converter Coming Soon. Read more

blog.spywareguide.com:
USB Worm Targets Firefox, Orkut and YouTube. Read more

www.computerworld.com:
Vista betas, RCs can't install patches. Read more

www.darkreading.com:
Securent Steps Into Database Data. Read more

www.darkreading.com:
Profit-Minded Trojans. Read more

www.darkreading.com:
Two-Factor: Too Far? Read more

www.darkreading.com:
Security Treadmill. Read more

www.schneier.com:
Is Big Brother a Big Deal? Read more

taosecurity.blogspot.com:
Response to Bruce Schneier Wired Story. Read more

www.computerpoweruser.com:
An Interview With Gadi Evron, Security Evangelist With Beyond Security. (Subscription needed) Read more

ha.ckers.org:
BlueHat Pics. Read more

www.securitycadets.com:
Spybot Search & Destroy Bows To No One!! Read more

zdpub.vo.llnwd.net:
Audio: How Botnets Are Lo-bot-omizing Your PC. Listen

www.securitycadets.com:
Video: CyberDefender and it's adverts! Watch

wm.microsoft.com:
Video: Windows Vista PreOS Environment: What happens before the OS loads. Watch

wm.microsoft.com:
Video: Processes Gone Wild: Understanding Windows Vista Reliability Mechanics. Watch

wm.microsoft.com:
Video: Mark Russinovich: From Winternals to Microsoft, On Windows Security, Windows CoreArch. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
CA Anti-Virus for the Enterprise Buffer Overflows Let Remote and Local Users Execute Arbitrary Code. Read more

securitytracker.com:
Darwin Streaming Server RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris Sun Remote Services Net Connect 'srsexec' Utility Lets Local Users View Arbitrary Files. Read more

securitytracker.com:
Novell NetMail Buffer Overflow in 'NMDMC.EXE' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FreeRADIUS EAP-TTLS Memory Leak Lets Remote Users Deny Service. Read more

moaxb.blogspot.com:
MoAxB #12: PrecisionID Barcode ActiveX (PrecisionID_DataMatrix.DLL) 1.3 Denial of Service. Read more

 

Tools:
fileforum.betanews.com:
Opera for Windows 9.21 Build 8776 Beta. Read more

 

News
www.theregister.co.uk:
Malware authors subvert Windows Update. Read more

www.virusbtn.com:
1.4 million Chinese infected over holiday week. Read more

www.channelinsider.com:
ANI Trojan Sticks It to Popular Geek Hardware Site Visitors. Read more

www.securitypronews.com:
USB Worm Has Taste For Firefox, YouTube. Read more

news.zdnet.co.uk:
Microsoft cuts back on virtualisation features. Read more

news.bbc.co.uk:
Child porn accused tell of ordeal. Read more

11 May 2007

Guides, Papers, etc
isc.sans.org:
Mailbag: MS Patches / Symantec Vuln. Read more

isc.sans.org:
Malware from dot-CN. Read more

blogs.securiteam.com:
I'm Federal Air Marshal and I found my identity from TSA's HD. Read more

www.sophos.com:
Mothering Spamday - Spam hits inboxes in run-up to Mother's Day. Read more

www.eweek.com:
Bots on the Corporate LAN. Read more

ddanchev.blogspot.com:
Defeating Virtual Keyboards. Read more

www.itpro.co.uk:
Is paying hackers good for business? Read more

www.itnews.com.au:
Study: Workers steal data when changing jobs. Read more

www.darkreading.com:
California Hammers on E-Voting. Read more

sunbeltblog.blogspot.com:
Interview with a phisher. Read more

internetcommunications.tmcnet.com:
Mom Knows Who You're Calling. Read more

www.infoworld.com:
Should vendors close all security holes? Read more

www.informationweek.com:
Cyberthieves Getting Good At Connecting The Dots, Expert Reports. Read more

aolradio.podcast.aol.com:
Audio: Security Now 91: Marc Maiffret of eEye Digital Security. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Gnash DEFINESPRITE Tag Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Vim Sandbox Functions Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
SquirrelMail Input Validation Holes in HTML Filter Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Symantec pcAnywhere Discloses Passwords to Local Administrators. Read more

securitytracker.com:
Norton Internet Security 'NAVOPTS.DLL' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco IOS FTP Server Lets Remote Users Read and Write Files and Denial of Service. Read more

moaxb.blogspot.com:
Morovia Barcode ActiveX Professional Arbitrary file overwrite. Read more

 

Tools:
www.securiteam.com:
Wfuzz - The Web Bruteforcer. Read more

blogs.msdn.com:
Internet Explorer Developer Toolbar - Get it Now! Read more

 

News
www.pcadvisor.co.uk:
Windows Update hack bypasses firewalls. Read more

news.com.com:
Cybercrooks add QuickTime, WinZip flaws to arsenal. Read more

www.theregister.co.uk:
Google sets legal attack dogs on Dutch cybersquatter. Read more

www.viruslist.com:
Credit card fraudsters jailed in UK. Read more

slashdot.org:
Thousands of ICQ Numbers Deleted. Read more

www.theregister.co.uk:
iPods 'mess with pacemakers'. Read more

10 May 2007

Guides, Papers, etc
www.f-secure.com:
Advanced tools to handle stolen information. Read more

isc.sans.org:
Microsoft Ends Support for Windows Server 2003 RTM/Gold. Read more

blogs.securiteam.com:
.ANI fuzzing module released. Read more

www.symantec.com:
Multiplying Hacks. Read more

honeyblog.org:
"Exploring Multiple Execution Paths for Malware Analysis". Read more

www.darkreading.com:
The Phisher King. Read more

blogs.authentium.com:
Changes in the Landscape. Read more

blog.support-intelligence.com:
Company Profile: Intel. Read more

www.eweek.com:
Java Security Traps Getting Worse. Read more

www.networkcomputing.com:
Strategic Security: Web Applications Scanners. Read more

news.zdnet.co.uk:
Gates outlines goals for Microsoft's ad business. Read more

www.computerworld.com:
How Internet criminals will evade Vista's safeguards. Read more

ore-exposed.obu-investigators.com:
Operation Ore - A Victim's Story. Read more

www.lightbluetouchpaper.org:
Follow the money, stupid. Read more

msdn2.microsoft.com:
Windows Vista ISV Security. Read more

www.net-security.org:
(IN)SECURE Magazine ISSUE 11. Read more

podcasts.mcafee.com:
Audio: AudioParasitics Episode 5. Listen

news.zdnet.co.uk:
Video: Sun introduces JavaFX. Watch

 

Vulnerabilities & Exploits
www.cisco.com:
Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server. Read more

moaxb.blogspot.com:
MoAxB #09: BarCodeWiz ActiveX Control 2.0 (BarcodeWiz.dll) Remote Buffer Overflow Exploit. Read more

moaxb.blogspot.com:
MoAxB #08: SmartCode VNC Manager 3.6 (scvncctrl.dll) Denial of service. Read more

moaxb.blogspot.com:
MoAxB #07: Versalsoft HTTP File Uploader (UFileUploaderD.dll) 'AddFile' method Buffer Overflow. Read more

securitytracker.com:
IBM DB2 DB2JDS Service Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.pcadvisor.co.uk:
Microsoft invites hackers back for Blue Hat event. Read more

www.technewsworld.com:
University of Missouri Burned in Second Hack Attack. Read more

www.technewsworld.com:
Microsoft Fends Off Zombies, Worms and Bugs With Patch Tuesday. Read more

www.itnews.com.au:
Sophos warns of 'escort' spam. Read more

www.sophos.com:
General Pinochet's grandson latest lure used by email scammers. Read more

www.komotv.com:
Shredded East German secret police files being reassembled by computer. Read more

www.terra.net.lb:
Microsoft virtual research center unites Latin American scientists. Read more

news.bbc.co.uk:
Child porn suspects blame fraud. Read more

09 May 2007

Guides, Papers, etc
www.benedelman.org:
How Spyware-Driven Forced Visits Inflate Web Site Traffic Counts. Read more

www.f-secure.com:
9th of May. Read more

www.f-secure.com:
PhD on Viruses. Read more

www.f-secure.com:
Security Tales. Read more

isc.sans.org:
Ramp up on Port 5168. Read more

isc.sans.org:
419 death threat scam. Read more

www.avertlabs.com:
Unsubscribe getting worse. Read more

www.avertlabs.com:
A new root"Kid" on the block. Read more

www.darkreading.com:
Five Security Flaws in IPv6. Read more

www.darkreading.com:
Honeypot Proves to Be Sticky. Read more

www.darkreading.com:
Trust & Deception. Read more

www.webappsec.org:
Web Security Threat Report: January - April 2007. Read more

ddanchev.blogspot.com:
DDoS on Demand VS DDoS Extortion. Read more

www.eweek.com:
Turning the Windows Aircraft Carrier. Read more

blog.washingtonpost.com:
AOL's Password Puzzler. Read more

blogs.securiteam.com:
Fixes for MoPB - how about M.O.M.B.Y.? Read more

blogs.securiteam.com:
Cryptome has a new ISP. Read more

www.theregister.co.uk:
Clearing swap and hibernation files properly. Read more

www.ictworld.co.za:
Spyware and viruses - two separate problems requiring separate defences. Read more

ha.ckers.org:
Phishing Social Networking Sites. Read more

www.computerweekly.com:
The trouble with Google hacking techniques. Read more

www.arsgeek.com:
How to track and recover your Linux laptop if it gets stolen. Read more

www.pdfzone.com:
How to Smuggle Porn with PDF. Read more

www.eweek.com:
Opinion: BioPassword may be the next big thing in biometrics. Read more

blogs.zdnet.com:
What's next for Internet Explorer? Microsoft opens up (a little). Read more

news.zdnet.com:
Vista draining laptop batteries, patience. Read more

www.darkreading.com:
Reluctant Rock Star. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer Bugs Let Remote Users Modify Files or Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft CAPICOM 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft BizTalk Server 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Exchange Base64, iCal, IMAP, and Attachment Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Office Drawing Object Validation Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Word Array and RTF Processing Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Excel Specially Crafted BIFF Records, Set Font Values, and Filter Records Permit Remote Code Execution. Read more

securitytracker.com:
McAfee SecurityCenter Buffer Overflow in the McSubMgr ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP libxmlrpc Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Buffer Overflow in make_http_soap_request() May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP CRLF Injection Bug Lets Remote Users Execute Arbitrary FTP Commands. Read more

securitytracker.com:
HP Tru64 'dop' Command Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Adobe RoboHelp Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
VMware Bugs Let Local Users Deny Service. Read more

securitytracker.com:
Trend Micro ServerProtect Buffer Overflows in EarthAgent and SpntSvc Daemons Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris facl() Integer Error Lets Local Users Deny Service. Read more

 

Tools:
www.itworld.com:
VMware upgrade adds Vista support. Read more

 

News
www.f-secure.com:
Patch Tuesday, May Edition. Read more

www.securityfocus.com:
TSA loses 100,000 employee records. Read more

stopbadware.org:
StopBadware.org Identifies Companies Hosting Large Numbers of Websites That Can Infect Internet Users With Badware. Read more

www.newsfactor.com:
New Trojan Mimics Windows Reactivation. Read more

online.wsj.com:
How Credit-Card Data Went Out Wireless Door. Read more

www.securityfocus.com:
Microsoft patches Office, IE 7 flaws. Read more

www.techworld.com:
Rivals pour scorn on Microsoft security tool. Read more

www.fresnobee.com:
Former expert witness pleads guilty to perjury. Read more

www.techworld.com:
Retro worm sniffs out USB drives. Read more

www.virusbtn.com:
ZOO archive issues hit security vendors. Read more

www.viruslist.com:
Estonia arrests first hacker over cyberattacks. Read more

04 May 2007

Guides, Papers, etc
www.f-secure.com:
Masters of Their Domain. Read more

isc.sans.org:
Announcement for next week's Microsoft patches. Read more

www.symantec.com:
MS Needs Your Credit Card Details? Read more

ddanchev.blogspot.com:
Winamp PoC Backdoor and a Zero Day. Read more

honeyblog.org:
Collecting Malware via Botnet Tracking. Read more

sunbeltblog.blogspot.com:
The "hidden" clickfraud. Read more

ha.ckers.org:
OpS Opera Weirdness. Read more

mcwresearch.com:
Evaluating malware from a network perspective. Read more

www.eweek.com:
Commtouch: Malware Writers' Tactics Evolving. Read more

www.eweek.com:
A Real Shot at Consumers Two-Factor Authentication. Read more

www.eweek.com:
Unpacking the Digg-AACS Controversy. Read more

franticindustries.com:
How to: access Pandora from outside the US. Read more

www.darkreading.com:
Microsoft's Cuddly Side. Read more

www.darkreading.com:
No More Spyware. Read more

www.darkreading.com:
IPS: Still Playing Catch Up. Read more

www.darkreading.com:
SEC: WFI Insider Stole $7.7M. Read more

aolradio.podcast.aol.com:
Security Now 90: Multifactor Authentication. Listen

rssnewsapps.ziffdavis.com:
Audio: Best Practices in Security.
In this Podcast, Rosenberger discusses "In-the-cloud" real-time protection and a Multi-layered, multi-pronged approach. Listen

rssnewsapps.ziffdavis.com:
Audio: Recent Examples and Impacts of Web Threats.
Discussion addressing ZLOB, PE Looked, RINBOT and LINKOPTIM. Listen

rssnewsapps.ziffdavis.com:
Audio: Protection: Common Pitfalls.
In this Podcast, Sal Salamone discusses the belief that current protection is sufficient, traditional solutions protect only against known threats, performance requirements and the need for a dynamic solution. Listen

www.determina.com:
Heap Feng Shui in JavaScript. Read more

 

Vulnerabilities & Exploits
moaxb.blogspot.com:
MoAxB #04 bonus: ActSoft DVD-Tools (dvdtools.ocx v. 3.8.5.0) Stack Overflow Exploit. Read more

securitytracker.com:
HP ProCurve 9300m Switches Let Remote Users Deny Service. Read more

 

Tools:
www.subrosasoft.com:
MacLockPick™ is a valuable tool for law enforcement professionals to perform live forensics on Mac OS X systems. The solution is based on a USB Flash drive that can be inserted into a suspect's Mac OS X computer that is running (or sleeping). Once the software is run it will extract data from the Apple Keychain and system settings in order to provide the examiner fast access to the suspect's critical information with as little interaction or trace as possible. Read more

 

News
technology.timesonline.co.uk:
Hackers target hotspots in new phishing attack. Read more

www.sophos.com:
Danger USB! Worm targets removable memory sticks to infiltrate business. Read more

www.channelregister.co.uk:
Poisoned MP4 files threaten Winamp users. Read more

www.msnbc.msn.com:
Hackers hijack satellite TV in Southern China. Read more

www.i4u.com:
Microsoft Advance Security Bulletin - You will reboot Next Week. Read more

news.zdnet.co.uk:
White hats break two-factor banking security. Read more

www.internetnews.com:
Security Vendors Debate the 'Arms Race'. Read more

www.chillingeffects.org:
AACS licensor complains of posted key. Read more

www.vnunet.com:
Symantec smokes out threats with Hamlet. Read more

www.itnews.com.au:
Microsoft forces pirate to advertise his guilt. Read more

03 May 2007

Guides, Papers, etc
www.securityfocus.com:
Time for a new certification. Read more

www.symantec.com:
DoS extortion is no longer profitable. Read more

www.avertlabs.com:
Simple Security - How can I tell if an e-mail or Web site is "suspicious"? Read more

sunbeltblog.blogspot.com:
Seen in the wild: "insidesecondlife". Read more

blogs.ittoolbox.com:
Nope, they're victims too. Read more

ddanchev.blogspot.com:
The Brandjacking Index. Read more

www.darkreading.com:
DR's 10 Most Popular Stories Ever. Read more

www.darkreading.com:
Microsoft Marches to Forefront. Read more

www.darkreading.com:
DRM Hack Flap Sparks Digg 'Riot'. Read more

www.darkreading.com:
Virtual Riots No Laughing Matter. Read more

www.ush.it:
Interview with Rain Forest Puppy. Read more

twit.cachefly.net:
Audio: Futures in Biotech 15: The SuperNet. Dr. Larry Smarr discusses the future of computing and the internet... Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco PIX Firewall DHCP Relay Agent Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco ASA DHCP Relay Agent Lets Remote Users Deny Service. Read more

securitytracker.com:
LiveData Protocol Server Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
XScreenSaver LDAP Authentication Error Lets Physically Local Users Bypass the Password Feature. Read more

securitytracker.com:
Cisco ASA Bugs Let Remote Users Bypass LDAP Authentication and Deny Service. Read more

securitytracker.com:
Cisco PIX Bugs Let Remote Users Bypass LDAP Authentication and Deny Service. Read more

securitytracker.com:
Winamp MP4 Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris BSM Auditing Lets Local Users Crash the System. Read more

securitytracker.com:
Sun Java System Directory Server BER Decoding Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple FTPServer Lets Remote Authenticated Users Traverse the Directory. Read more

securitytracker.com:
GCC FastJar Directory Traversal Lets Users Cause Files to Be Overwritten. Read more

 

News
www.computerworld.com:
Document shell-code attacks on the rise. Read more

www.technewsworld.com:
Apple Makes Quick Work of QuickTime Bug. Read more

www.securityfocus.com:
Hi-def hacking war heats up. Read more

www.theregister.co.uk:
Month of ActiveX bugs yields results. Read more

www.kgw.com:
Has your PC been hijacked by hackers? Read more

www.theregister.co.uk:
DDoS attacks fall as crackers turn to spam. Read more

www.esecurityplanet.com:
Spammers Find New Ways Around Filters. Read more

money.guardian.co.uk:
It's easy money, says online fraudster who stole £250,000. Read more

02 May 2007

Guides, Papers, etc
www.computerworld.com.au:
The color of information security. Read more

isc.sans.org:
Winamp 0-day. Read more

www.avertlabs.com:
Hiding URLs in Internet Explorer. Read more

blog.siteadvisor.com:
MySpace Phishing. Read more

www.websense.com:
Malicious Web site / Malicious Code: Malcode found on Mexican .Gov site. Read more

www.sophos.com:
April brings a deluge of web attacks, Sophos reports. Read more

msmvps.com:
Watching Winfixer using Alexa. Read more

www.pcmag.com:
Top Threat: The Sober Resurgence. Read more

www.darkreading.com:
Security's Biggest Train Wrecks. Read more

www.darkreading.com:
Here's to You. Read more

ddanchev.blogspot.com:
The Brandjacking Index. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Java Web Start Incorrect Use of System Classes Lets Users Gain Elevated Privileges. Read more

securitytracker.com:
BIND query_addsoa() Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
X Divide By Zero Error in Xrender Extension Lets Users Deny Service. Read more

securitytracker.com:
OPeNDAP URL Input Validation Bug Lets Remote Users Execute Arbitrary Code. Read more

labs.idefense.com:
Cerulean Studios Trillian Multiple IRC Vulnerabilities. Read more

securitytracker.com:
Trillian IRC and Display Engine Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Apple patches Mac, QuickTime flaws. Read more

www.newsnow.co.uk:
Security pros warn of 'critical' Winamp bug. Read more

www.vnunet.com:
Corporate spambots named and shamed. Read more

www.theregister.co.uk:
VeriSign will ship two-factor authentication for debit cards. Read more

www.vnunet.com:
First flaws surface in new Photoshop. Read more

www.usatoday.com:
Hackers set traps on broad websites. Read more

news.zdnet.co.uk:
Mac security concerns grow. Read more

media.www.the-beacon.net:
Student suspended for bypassing network security. Read more

www.gcn.com:
Big Brother goes mobile. Read more

01 May 2007

Guides, Papers, etc
software.silicon.com:
Schneier: 'We shouldn't need a security industry'. Read more

www.schneier.com:
Google Ad Hack. Read more

www.bcs.org:
Audio: Schneier Talk at the British Computer Society. Listen

www.sophos.com:
Electronic postcard arrives with a web sting in its tail, Sophos warns. Read more

www.itnews.com.au:
Security firm publishes video of Google AdWords scam. Read more

www.sci-tech-today.com:
Many Defenses To Fight Zero-Day Hacks. Read more

www.securitypark.co.uk:
Taking botnets down. Read more

blogs.securiteam.com:
Worse luck. Read more

www.f-secure.com:
Update on the Estonian DDoS attacks. Read more

www.f-secure.com:
EGold indicted for money laundering and illegal money transmitting. Read more

www.f-secure.com:
Unrest in Estonia. Read more

www.techworld.com:
Why Vista cursors got hacked. Read more

www.esecurityplanet.com:
Spammers Are Due For A Surprise. Read more

securitywatch.eweek.com:
Image Spam Uses Photo-Sharing Site to Sneak Under Radar. Read more

honeyblog.org:
Web-based Honeypot Decoys: Results I. Read more

www.computerworld.com:
Why companies can't kick the adware habit. Read more

www.darkreading.com:
Austin City Limits. Read more

www.darkreading.com:
By the Light of the Silvery Web. Read more

ddanchev.blogspot.com:
Video Demonstration of Vbootkit. Read more

myappsecurity.blogspot.com:
Reflection on Andrew Van Der Stock. Read more

www.kaspersky.com:
Online Scanner Top Twenty for April 2007. Read more

www.kaspersky.com:
Virus Top Twenty for April 2007. Read more

news.bbc.co.uk:
How to keep your wi-fi network safe. Read more

 

Vulnerabilities & Exploits
labs.idefense.com:
VMware Workstation Shared Folders Directory Traversal Vulnerability. Read more

securitytracker.com:
Linux Kernel utrace Bug Lets Local Users Deny Service. Read more

securitytracker.com:
HP Power Manager Remote Agent Lets Local Users Gain Root Privileges. Read more

 

News
blog.baselinemag.com:
Bots Found Inside Many Big Companies. Read more

www.pcadvisor.co.uk:
Windows Vista hacks set to be revealed. Read more

www.theregister.co.uk:
Hotmail's antispam measures snuff out legit emails, too. Read more

www.theregister.co.uk:
Owners of E-Gold indicted for money laundering. Read more

www.darkreading.com:
E-Gold Indicted for Money-Laundering. Read more

www.viruslist.com:
Hackers target official Estonian portals in conflict over Soviet-era monument. Read more

www.techworld.com:
Viruses are hiding in spam. Read more

www.vnunet.com:
Malware authors cut out attachments. Read more

www.vnunet.com:
Rogue software floods anti-spyware market. Read more

www.theregister.co.uk:
Child porn investigations keep FBI agents busy. Read more


Copyright © MegaSecurity.org