Home    News Archive    Translate Traducen
News July 2005
31 July 2005

Guides, Papers, etc
blogs.msdn.com:
Standards and CSS in IE. Read more

www.spywarewarrior.com:
The State of Hotbar Detections by some antispyware programs. Read more

www.securitydocs.com:
Computer Virus. Read more

Back-Door�ed by the Slammer. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
phpeasynews v1.13 RC2 (possibly prior versions) cross site scripting, path disclosure , user check bypass. Read more

www.securityfocus.com:
Trillian Ver 3.1 saves password's in plain Text. Read more

 

News
news.com.com:
Hackers rally behind Cisco flaw finder. Read more

news.com.com:
Feds look to hire at Defcon. Read more

news.com.com:
More legal threats over Cisco flaws. Read more

www.wired.com:
Whistleblower Faces FBI Probe. Read more

www.vnunet.com:
Cisco/ISS go after websites in IOS spat. Read more

makezine.com:
DefCon Coverage from MakeZine.com. Read more

edition.cnn.com:
Geeks gather at 'What The Hack'. Read more

software.silicon.com:
Microsoft gets outside help for IE 7. Read more

www.vnunet.com:
Virus writer gets bitchy. Read more

www.technewsworld.com:
Feds Eye New Mission: Zombie Hunting. Read more

www.wired.com:
A Hacker Games the Hotel. Read more

www.technewsworld.com:
Eight Charged in Internet Piracy Probe. Read more

www.technewsworld.com:
Latest Online Scam Prompts Warning. Read more

. 30 July 2005

Guides, Papers, etc
www.securityfocus.com:
Exclusive Preview of Stealing the Network: How to Own an Identity. Read more

msdn.microsoft.com:
About Window Restrictions. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Web Content Management News System Administrative Account creation & cross site scripting poc. Read more

www.rgod.altervista.org:
qliteNews arbitrary database manipulation & cross site scripting poc exploit. Read more

securitytracker.com:
Cisco IOS IPv6 Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP NonStop Server DCE Core Services Daemon Can Be Crashed By Remote Users. Read more

securitytracker.com:
Linksys WRT54G Common SSL Certificate and Private Key Lets Remote Users Decrypt Management Sessions. Read more

securitytracker.com:
Novell Modular Authentication Service May Let Remote Users Change Passwords. Read more

securitytracker.com:
PHPmyGallery Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Opera 'javascript:' Object Dragging Flaw May Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Opera Error in Processing Extended ASCII Codes Lets Remote Users Spoof File Extensions in the Download Dialog Box. Read more

www.cisco.com:
Cisco Security Advisory: IPv6 Crafted Packet Vulnerability. Read more

www.debian.org:
DSA-770-1 gopher -- insecure tmpfile creating. Read more

www.debian.org:
DSA-769-1 gaim -- memory alignment bug. Read more

www.debian.org:
DSA-768-1 phpbb2 -- missing input validation. Read more

www.debian.org:
DSA-767-1 ekg -- integer overflows. Read more

 

News
www.securityfocus.com:
Settlement reached in Cisco flaw dispute. Read more

www.techworld.com:
Security researcher quits job to defy Cisco. Read more

www.techweb.com:
Cisco Threatens Web Site That Leaked Exploit Presentation. Read more

news.bbc.co.uk:,br> FBI holds eight on piracy charge. Read more

www.chron.com:
Hackers find way around Microsoft's anti-piracy push. Read more

www.theregister.co.uk:
Sophos bug highlights wider anti-virus flaws. Read more

www.theregister.co.uk:
Phishing attacks soar as viral onslaught wanes. Read more

informationweek.com:
Hackers Gather For Woodstock-Style Conference. Read more

www.iht.com:
At hackers conference, orderly mayhem rules. Read more

informationweek.com:
Investors Warned About Online Accounts. Read more

news.com.com:
Oracle vs. the hackers. Read more

in.today.reuters.com:
PGP founder unveils secure Internet phone. Read more

news.bbc.co.uk:
GTA sex scandal hits Australia. Read more

. 29 July 2005

Guides, Papers, etc
www.viruslist.com:
Malware Evolution: April - June 2005. Read more

www.dmst.aueb.gr:
Security Applications of Peer-to-Peer Networks. Read more

www.eweek.com:
Windows Vista Security Looks Promising by Larry Seltzer. Read more

www.whitedust.net:
interview with Paul Watson. Watson, who discovered a flaw in TCP/IP that could allow attackers to reset connections. Read more

www.windowsecurity.com:
Securing Windows Member Servers. Read more

astalavista.com:
Trojan Horse Attacking Strategy on Quantum Cryptography. Read more

astalavista.com:
arphide, hiding hosts inside trusted networks. Read more

 

Tools:
www.callingid.com:
CallingID� protects Internet users from becoming scam victims. Read more

 

Vulnerabilities & Exploits
www.boingboing.net:
Microsoft "Genuine Advantage" cracked in 24h. Read more

rgod.altervista.org:
php news manager 1.45/1.46/1.47 (last release date 2005-05-03) login bypass/sql injection, multiple cross site scripting & path disclosure. Read more

rgod.altervista.org:
PHPFreeNews Version 1.32 news cross site scripting, path disclosure, information disclosure PHPFreenews previous versions MySQL injection / Login bypass. Read more

securitytracker.com:
Opera 'javascript:' Object Dragging Flaw May Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Simplicity oF Upload Lets Remote Users Upload and Execute Arbitrary Code. Read more

securitytracker.com:
McAfee WebShield Appliance Default Password May Grant Access to Remote Users. Read more

securitytracker.com:
MDaemon Input Validation Hole in Attachment Quarantine Feature Lets Remote Users Write Files to Arbitrary Locations. Read more

securitytracker.com:
Sophos Anti-Virus Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FreeBSD Bug in IPSec AES-XCBC-MAC Algorithm May Cause the Incorrect Key to Be Used. Read more

 

News
seattletimes.nwsource.com:
Microsoft suit wasn't personal, ex-VP says he was told. Read more

www.theregister.co.uk:
Microsoft uses former exec as lawsuit springboard 'to stop' Google. Read more

www.securitypipeline.com:
Treat Windows Vista As A Massive Security Patch. Read more

www.eweek.com:
Hackers Claim Crack of Microsoft Genuine Advantage Scan. Read more

news.zdnet.com:
Microsoft enlists security partner in browser update. Read more

www.theregister.co.uk:
Hackers look outside Windows for flaws. Read more

www.theinquirer.net:
Judge backs Microsoft. Read more

www.theregister.co.uk:
Vista - searching for something fresh. Read more

www.wired.com:
Cisco Security Hole a Whopper. Read more

www.latimes.com:
Exposer of Cisco Flaws to Go Silent. Read more

www.theregister.co.uk:
IE7 nukes Google, Yahoo! search. Read more

news.zdnet.com:
Flaw researcher settles dispute with Cisco. Read more

www.iol.co.za:
Bank reveals details of phishing attack. Read more

www.theregister.co.uk:
Lighten up: spam should be a game. Read more

news.zdnet.com:
Congress threatens P2P networks on porn. Read more

dailytelegraph.news.com.au:
Piracy charges after 15-nation sweep. Read more

. 28 July 2005

Guides, Papers, etc
www.microsoft.com:
Anti-phishing White Paper. Read more

 

Tools:
www.geocities.com/ijookeren:
Open TelnET with PasSWord, Stealth BAckGround Proses..Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Sophos AntiVirus Products Remote Heap Overflow Vulnerability. Read more

www.frsirt.com:
McAfee WebShield User Interface Default Credentials Issue. Read more

www.securityfocus.com:
Getting round website authentication with Firefox. Read more

securitytracker.com:
VBZooM Forum Input Validation Bug in 'show.php' May Let Remote Users Inject SQL Commands. Read more

securitytracker.com:
IBM Lotus Domino Discloses Hashed Passwords and Other Information to Remote Authenticated Users. Read more

securitytracker.com:
Ethereal ~20 Dissector Bugs Let Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
SPI Dynamics WebInspect Reporting Function Lets Remote Sites Execute Scripting Code on the Target System. Read more

securitytracker.com:
CartWiz Input Validation Hole in 'viewCart.asp' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FTPshell Bug in Handling Closed Connections Lets Remote Users Crash the FTP Service. Read more

www.securiteam.com:
FtpLocate Command Execution (Exploit). Read more

www.securiteam.com:
SlimFTPd Buffer Overflow (LIST). Read more

 

News
news.com.com:
Antivirus insecurity at Black Hat confab. Read more

www.theregister.co.uk:
Personal storage sites are a 'safe haven for hackers'. Read more

www.techweb.com:
Hackers Spreading Spyware From Free Personal Web Sites. Read more

news.zdnet.co.uk:
Cisco tries to silence researcher. Read more

www.iht.com:
Techbrief: Hacker on a mission. Read more

today.reuters.com:
Microsoft releases trial version of Windows Vista. Read more

reviews.zdnet.co.uk:
Windows Vista: a first look. Read more

www.theregister.co.uk:
Red Hat holes less severe than Windows - study. Read more

www.theregister.co.uk:
'Pentagon hacker' McKinnon fights extradition. Read more

www.theregister.co.uk:
Internet has 'given Al Qaeda wings' claims BBC potboiler. Read more

news.zdnet.com:
Ex-Microsoft employee a million-dollar man. Read more

www.vnunet.com:
More e-crime training for UK police. Read more

. 27 July 2005

Guides, Papers, etc
www.windowsecurity.com:
Installing and Configuring Microsoft�s Data Protection Manager (DPM) Part 1. Read more

www.securityelf.org:
Software Misuse: from malicious actions to mind control. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
Simplicity OF Upload 1.3 (possibly prior versons) remote code execution & cross site scripting. Read more

securitytracker.com:
Sun Multilanguage Environment Library (libmle) Buffer Overflow Lets Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
Office Connect Wireless 11g Access Point Discloses System Information to Remote Users. Read more

securitytracker.com:
Hosting Controller 'comgetfile.asp' Discloses Reseller Information to Remote Authenticated Users. Read more

securitytracker.com:
Ares Fileshare Buffer Overflow in Search History Lets Users Execute Arbitrary Code. Read more

securitytracker.com:
Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Gentoo Sandbox Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
NETonE phpBook Input Validation Hole in 'guestbook.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FtpLocate Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Atomic Photo Album Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
SAP Internet Graphics Server Input Validation Hole Discloses Files to Remote Users. Read more

securitytracker.com:
Windows Buffer Overflow in Unspecified USB Device Driver Lets Physically Local Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-766-1 webcalendar -- authorisation failure. Read more

www.debian.org:
DSA-765-1 heimdal -- buffer overflow. Read more

www.cybsec.com:
Default Configuration Information Disclosure in Lotus Domino (Including password hashes). Read more

 

News
www.vnunet.com:
Internet security threat rises. Read more

www.mosnews.com:
Russia�s Biggest Spammer Brutally Murdered in Apartment. Read more

www.eweek.com:
Black Hat Confab to Spotlight Database Security. Read more

informationweek.com:
Security Researchers Share Crackers� Insider Tips. Read more

www.sans.org:
The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus. Read more

www.zdnet.com.au:
Hosting sites help hackers recruit 'zombies'. Read more

www.vnunet.com:
CA buys anti-spam firm. Read more

www.theregister.co.uk:
CA aims to curb spam with Qurb. Read more

management.silicon.com:
Police ask for power to hit terrorist websites. Read more

informationweek.com:
One In Four Identity-Theft Victims Never Fully Recover. Read more

australianit.news.com.au:
Hackers target backup flaws. Read more

www.wired.com:
Privacy Guru Locks Down VOIP. Read more

www.securityfocus.com:
3Com launches vulnerability-buying program. Read more

arstechnica.com:
Get paid for hacking? It's not just for movies anymore! Read more

www.geeknewscentral.com:
New E-Mail Virus Trick. Read more

informationweek.com:
Good Security Means Covering The Basics. Read more

www.vnunet.com:
Google adds RSS feeds to homepage. Read more

www.theregister.co.uk:
Fakers beware: no more MS updates for you. Read more

www.blackpressusa.com:
Beware of Internet scams: Nigeria 419. Read more

www.siliconvalley.com:
Many Internet users lagging on lingo. Read more

www.theregister.co.uk:
MS website trumpets 'pyramid' company. Read more

news.bbc.co.uk:
Student's role in �250m swindle. Read more

. 26 July 2005

Vulnerabilities & Exploits
www.rem0te.com:
ClamAV Library Rem�te Heap Overflows Security Advisory. Read more

securitytracker.com:
Clam AntiVirus Integer Overflows May Let Remote Users Deny Service. Read more

securitytracker.com
Fetchmail Buffer Overflow in Processing POP3 UID Values Lets Remote Servers Execute Arbitrary Code. Read more

www.securiteam.com:
Netquery Command Execution (Exploit). Read more

www.securiteam.com:
SlimFTPd RNFR Buffer Overflow (Exploit). Read more

www.securiteam.com:
Microsoft Color Management Buffer Overflow (MS05-036, Exploit). Read more

 

News
www.theregister.co.uk:
Spyware 'calling home' volumes soar. Read more

www.theregister.co.uk:
3Com puts a bounty on vulns. Read more

software.silicon.com:
Beware free web services, warns Websense. Read more

news.zdnet.com:
Attackers lurk on photo sites, firm warns. Read more

www.detnews.com:
Hackers' new strategy is to steal identifying information. Read more

www.zdnet.com.au:
Bankers wrestle with online security. Read more

news.zdnet.co.uk:
Banks urged to wise up on spyware. Read more

www.stuff.co.nz:
Two-factor security cracked - SentryBay. Read more

www.eweek.com:
Adware Tries to Climb Out of the Muck. Read more

news.bbc.co.uk:
Bug hunters get big cash rewards. Read more

www.theregister.co.uk:
FTC cracks down on email smut barons. Read more

software.silicon.com:
Gartner: Don't believe the tech security myths. Read more

www.techspot.com:
Spanish Police raid 300 email scammers. Read more

www.theregister.co.uk:
Sales of DVD duplication software blocked. Read more

www.sfgate.com:
2 professors go fishing for phishers Barriers erected to protect against password-theft scams. Read more

news.zdnet.com:
Google ups ante in mapping rivalry. Read more

news.zdnet.co.uk:
Testers get their hands on OneCare. Read more

. 25 July 2005

Guides, Papers, etc
www.eweek.com:
With a Name Like Microsoft� by Larry Seltzer. Read more

www.dailyherald.com:
Does Google know too much? Read more

 

Tools:
www.nixgeneration.com:
Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PHP FirstPost Include File Bug in 'block.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
RealChat Non-secure Login Protocol Lets Remote Users Impersonate Other Users. Read more

securitytracker.com:
GoodTech's SMTP Server Buffer Overflows in Processing RCPT TO Commands Let Remote Users Execute Arbitrary Code. Read more

 

News
www.theinquirer.net:
Chinese worms steal trade secrets. Read more

software.silicon.com:
Bug bounty hunters recruited by security firm. Read more

www.zdnet.com.au:
Is there method in Microsoft's security buys? Read more

www.businessweek.com:
They're Playing Our Virus. Read more

www.net4now.com:
Chief Police Officers require disclosure of encryption keys. Read more

searchenginewatch.com:
Microsoft Launches MSN Virtual Earth. Read more

www.macworld.com:
Yahoo! acquires Konfabulator. Read more

. 24 July 2005

Guides, Papers, etc
channel9.msdn.com:
Video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploit. Read more

 

News
www.theregister.co.uk:
UK police chiefs seek powers to attack terror web sites. Read more

www.techworld.com:
Ex-hacker preaches virtues of saying no. Read more

www.techworld.com:
World's biggest e-crime bust nets 310 people. Read more

www.techworld.com:
India Crushes 7/7 Worm Posing as News Footage. Read more

seattletimes.nwsource.com:
Microsoft Windows' new Vista. Read more

. 23 July 2005

Tools:
www.maxpatrol.com:
MaxPatrol Network Security Scanner Free unlimited version 7.0.1401 has been released. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
KF Web Server Discloses Directory Listings to Remote Users. Read more

securitytracker.com:
Domain Name Relay Daemon (DNRD) Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CMSimple Input Validation Hole in 'index.php' in 'search' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Asn Guestbook Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Contrexx Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHP TopSites Discloses Configuration Data to Remote Users. Read more

securitytracker.com:
Mozilla Firefox xpcom Race Condition Lets Remote Users Crash the Browser. Read more

securitytracker.com:
Mozilla Browser xpcom Race Condition Lets Remote Users Crash the Browser. Read more

securitytracker.com:
cpio Race Condition in 'copyin.c' Lets Local Users Modify File Permissions. Read more

securitytracker.com:
avast! antivirus Directory Traversal and Buffer Overflow in UNACEV2.DLL Lets Remote Users Write Files and Execute Arbitrary Code. Read more

securitytracker.com:
SlimFTPd Buffer Overflow in LIST, DELE, and RNFR Commands Lets Remote Authenticated Users Execute Arbitrary Code. Read more

www.securityfocus.com:
SlimFTPd Server: PoC Exploit. Read more

exploitlabs.com:
EXPL-A-2005-012 exploitlabs.com Advisory 041 PHP TopSites. Read more

 

News
www.theregister.co.uk:
MS Anti-Spyware built on MS Abandonware. Read more

www.theregister.co.uk:
Microsoft passes da Vista baby. Read more

news.zdnet.co.uk:
Is there method in Microsoft's security buys? Read more

www.informationweek.com:
Microsoft Beefing Up Windows Anti-Piracy Program. Read more

www.theinquirer.net:
Google retaliates by suing Microsoft. Read more

news.zdnet.co.uk:
Massive security breach may kill processing firm. Read more

news.com.com:
University of Colorado servers hacked. Read more

www.cyber-army.org:
Others: Hackers attacked Microsoft's Korean News site. Read more

news.bbc.co.uk:
Student's role in �250m swindle. Read more

blogs.zdnet.com:
Web searches growth: Google grows by 6%, Yahoo! by 9%, MSN loses 4%. Read more

blogs.zdnet.com:
60% of men but only 44% of women know what adware is. Read more

. 22 July 2005

Guides, Papers, etc
www.securityfocus.com:
Interview with Dan Kaminsky on Microsoft's security. Read more

www.securityfocus.com:
If it isn't broken...Read more

www.theglobeandmail.com:
The Web cookie is crumbling -- and marketers feel the fallout. Read more

www.eweek.com:
With a Name Like Microsoft� Read more

informationweek.com:
Voice Over IP's Quality Surprise. Read more

 

Vulnerabilities & Exploits
archives.neohapsis.com:
Compromising pictures of Microsoft Internet Explorer! Read more

www.rgod.altervista.org:
Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit. Read more

securitytracker.com:
zlib Buffer Overflow in 'inftrees.c' Lets Remote Users Deny Service. Read more

securitytracker.com:
EKG Integer Overflow in 'libgadu.c' May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Surveyor Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
FreeBSD devfs Access Control Bug May Let Local Users Gain Elevated Privileges. Read more

www.cyber-army.org:
POC exploit for the MS05-03 JPEG ICC overflow issue. Read more

www.frsirt.com:
Avast! Antivirus ACE Archive Handling Multiple Vulnerabilities. Read more

 

News
www.theregister.co.uk:
Worm wears iTunes guise. Read more

news.zdnet.com:
Unpatched IE flaws reported. Read more

news.com.com:
Spying worm spreads via MSN Messenger, AIM. Read more

news.com.com:
Longhorn to be renamed Windows Vista? Read more

www.technewsworld.com:
New Spam-Fighting Technique Under Scrutiny. Read more

news.com.com:
Google seeks to stop Microsoft from suing new hire. Read more

www.theregister.co.uk:
Google drugs ring smashed. Read more

. 21 July 2005

Guides, Papers, etc
www.windowsecurity.com:
Sys Admin: Friend or Foe? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Website Generator Image Upload Preview Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Blue Coat ProxySG Error in Processing TCP Sequence Numbers in ICMP Messages Lets Remote Users Deny Service. Read more

securitytracker.com:
Blue Coat Spyware Interceptor Error in Processing TCP Sequence Numbers in ICMP Messages Lets Remote Users Deny Service. Read more

securitytracker.com:
Blue Coat Director Error in Processing TCP Sequence Numbers in ICMP Messages Lets Remote Users Deny Service. Read more

securitytracker.com:
Blue Coat CacheOS Error in Processing TCP Sequence Numbers in ICMP Messages Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple AirPort Card May Connect to Malicious Networks. Read more

www.securiteam.com:
phpSlash Account Hijacking (Exploit). Read more

www.securiteam.com:
OpenBB CID SQL Injection (Exploit). Read more

www.red-database-security.com:
Run any OS Command via unauthorized Oracle Forms. Read more

www.red-database-security.com:
Read parts of any file via desformat in Oracle Reports. Read more

www.red-database-security.com:
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports. Read more

www.debian.org:
DSA-764-1 cacti -- several vulnerabilities. Read more

www.debian.org:
DSA-763-1 zlib -- remote DoS. Read more

 

News
news.com.com:
Microsoft licenses Finjan security patents. Read more

money.cnn.com:
Microsoft buys another security firm. Read more

www.geekinformed.com:
Microsoft Acquires e-Mail Security Company, FrontBridge. Read more

www.eetimes.com:
Microsoft to Acquire FrontBridge Technologies, a Leading Provider of Secure Messaging Services. Read more

news.com.com:
Kaspersky Lab to buy Spamtest Project. Read more

news.com.com:
iTunes IM worm drops adware. Read more

www.computerworld.com:
Attackers turning to fake online greeting cards. Read more

www.theregister.co.uk:
Firefox update fixes stability glitches. Read more

www.theregister.co.uk:
Firefox's Greasemonkey slippery on security. Read more

www.zdnet.com.au
Security experts round on Oracle over unpatched holes. Read more

www.theregister.co.uk:
ID theft fears prompt ecommerce boycott. Read more

www.theregister.co.uk:
Spam king surrenders his ignoble crown. Read more

www.sophos.com:
Over 300 arrested in huge 419 scam investigation, Sophos reports. Read more

news.com.com:
Bank branch robberies are passe. Read more

www.newsfactor.com:
Virus Bounties No Longer Effective. Read more

news.com.com:
ISPs versus the zombies. Read more

news.com.com:
Microsoft, Google duke it out for China. Read more

news.com.com:
9-year-old earns accolade as Microsoft pro. Read more

news.com.com:
Microsoft's eye on open source. Read more

www.computerworld.com.au:
Hacker Mitnick preaches social engineering awareness. Read more

www.net4now.com:
Security guru says write down passwords. Read more

voxilla.com:
VoIP Providers Worry as FCC Clams Up. Read more

. 20 July 2005

Guides, Papers, etc
online.wsj.com:
Where the Dangers Are
The threats to information security that keep the experts up at night -- and what businesses and consumers can do to protect themselves. Read more

www.windowsecurity.com:
Ethical Issues for IT Security Professionals. Read more

www.airmagnet.com:
Phlooding: Potential for New Distributed Wireless Attack Against Wired Authentication Assets. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Eksperymentalny Klient Gadu-Gadu (EKG) May Permit Command Execution and Local Privilege Escalation. Read more

securitytracker.com:
Alt-N MDaemon IMAP AUTHENTICATE and CREATE Command Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Race Driver Format String and Buffer Overflow Flaws May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Hosting Controller 'AccountActions.asp' Access Control Bug Lets Remote Authenticated Users Add Usernames. Read more

securitytracker.com:
MRV's In-Reach Port-Specific Access Controls Can Be Bypassed By Remote Authenticated Users. Read more

securitytracker.com:
Form Sender Input Validation Holes in 'processform.php3' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell GroupWise Webaccess Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
CuteNews Input Validation Holes in 'login.php' and 'search.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
e107 Input Validation Flaw in BBCode URL Tags Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
KDE Kate/Kwrite May Disclose Backup Files to Local Users or Remote Authenticated Users. Read more

www.debian.org:
DSA-762-1 affix -- several vulnerabilities. Read more

www.debian.org:
DSA-761-1 heartbeat -- insecure temporary files. Read more

www.debian.org:
DSA-760-1 ekg -- several vulnerabilities. Read more

www.debian.org:
DSA-759-1 phppgadmin -- missing input sanitising. Read more

 

News
www.computerworld.com.au:
Microsoft sues Google, former employee over hiring. Read more

www.theregister.co.uk:
Search Wars - the Empire strikes back. Read more

www.technewsworld.com:
Windows Flaw Could Allow DOS Attacks. Read more

www.cmpnetasia.com:
Windows XP DoS Bug Worse Than Thought. Read more

news.bbc.co.uk:
UN at odds over internet's future. Read more

www.washingtonpost.com:
Whose Internet? Read more

www.watchguard.com:
What's wrong with "spammer strikeback"? Let me count the ways... Read more

www.techweb.com:
Startup Aims To Overload Spammer Web Sites. Read more

www.vnunet.com:
Trojans stampede across the web. Read more

australianit.news.com.au:
US uni added to hacking hit-list. Read more

www.securitypipeline.com:
The Need To Focus On Hidden Security Threats. Read more

dozleng.com:
What�s the use of Security Advisories? Read more

www.dmreview.com:
Surging "Click Fraud" Imperils Internet Marketing. Read more

wired-vig.wired.com:
Terror Forum Sows Seeds of Jihad. Read more

. 19 July 2005

Guides, Papers, etc
www.usenix.org:
14th USENIX Security Symposium July 31-August 5, 2005, Baltimore, MD. Read more

astalavista.com:
Examining The Cyber Capabilities of Islamic Terrorist Groups. Read more

www.techworld.com:
Protective Layers: Securing Corporate Networks. Rea more

www.eweek.com:
It's Time to Standardize Vulnerability Day. Read more

How It Works...The Computer
This book was published in 1971, and the revised edition was published in 1979. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
VP-ASP Input Validation Holes in 'productid' and 'catalogid' Permit SQL Injection Attacks. Read more

securitytracker.com:
PHPPageProtect Input Validation Holes in 'admin.php' and 'login.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
SEO-Board Input Validation Hole in 'smilies_popup.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
DzSoft PHP Editor Lets Remote Users Hang the Service. Read more

securitytracker.com:
Small HTTP Server FTP Service Lets Remote Authenticated Users Write to Arbitrary Files. Read more

www.securiteam.com:
FutureSoft TFTP Server 2000 Remote Buffer Overflow Exploit. Read more

www.securiteam.com:
GNU Mailutils "imap4d" Format String (Exploit). Read more

www.spidynamics.com:
Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2. Read more

 

News
www.windowsitpro.com:
Microsoft Refreshes Windows AntiSpyware Beta. Read more

www.vnunet.com:
Virus bounties no longer effective. Read more

news.com.com:
Zone Labs adds spyware protection. Read more

software.silicon.com:
Symantec website under DDoS attack. Read more

www.pcauthority.com.au:
New worm uses old tricks. Read more

www.net4now.com:
New virus targets iTunes users. Read more

news.zdnet.co.uk:
Sasser's heirs spread slowly. Read more

www.usatoday.com:
Hackers shift focus to swiping ID information. Read more

news.zdnet.co.uk:
IE and MSN Messenger open door for attackers. Read more

news.com.com:
Coding misstep forces new Firefox release. Read more

news.com.com:
Windows flaw reaches beyond XP. Read more

www.itp.net:
Number of hijacked PCs increasing. Read more

www.technewsworld.com:
Sophos Launches Zombie-Seeking Service. Read more

news.com.com:
Between phishers and the deep blue sea. Read more

www.technewsworld.com:
Australian Banks May Be Losing $70 Million to Web Fraud. Read more

www.itp.net:
Banks fight off hacker attacks. Read more

www.theinquirer.net:
Man with spyware fixes problem by buying new PCs. Read more

news.bbc.co.uk:
'Amateur culture' set to explode. Read more

. 18 July 2005

Guides, Papers, etc
dr00.sts.winisp.net:
Analyzing Browser Based Vulnerability Exploitation Incidents. Read more

A PHYSIOLOGICAL DECOMPOSITION OF VIRUS AND WORM PROGRAMS by Prabhat Kumar Singh. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Tru64 TCP/IP ISN and ICMP Processing Flaws Let Remote Users Deny Service. Read more

securitytracker.com:
PowerDNS Input Validation Flaw in LDAP Backend and Error In Processing Restricted Recursion Requests Let Remote Users Deny Service. Read more

securitytracker.com:
Skype Unsafe Temporary File When Adding Pictures to Profiles May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Y.SAK Scripts Have Input Validation Holes That Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Hosting Controller 'IISActions.asp' Script Lets Remote Authenticated Users Add Domains/Subdomains. Read more

securitytracker.com:
Microsoft Internet Explorer (IE) JPEG Rendering Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Invision Power Board Input Validation Flaw in 'login.php' Permits SQL Injection. Read more

securitytracker.com:
Microsoft Windows Remote Desktop Protocol Bug Lets Remote Users Deny Service. Read more

www.debian.org:
DSA-758-1 heimdal -- buffer overflow. Read more

www.debian.org:
DSA-757-1 krb5 -- buffer overflow, double-free memory. Read more

 

News
www.theinquirer.net:
Google security is risk of the century. Read more

www.bizjournals.com:
Lawsuit cliams law firm hacked into Net library site. Read more

today.reuters.com:
Nigeria jails woman in $242 mln email fraud case. Read more

www.techspot.com:
Firefox site hacked. Read more

nwc.securitypipeline.com:
Cyber Crime Rates, Losses Fall, Says Survey. Read more

www.usatoday.com/:
Cybercrooks lure citizens into international crime. Read more

www.vnunet.com:
Nothing to fear but fear itself. Read more

. 17 July 2005

Tools:
www.apachesecurity.net:
Apache httpd Tools. Read more

lists.freebsd.org:
FreeBSD 6.0-BETA1 Available. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sybase EAServer Buffer Overflow in 'TreeAction.do' Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans. Read more

securitytracker.com:
BitDefender AntiVirus Fails to Scan All of Multiple Attachments. Read more

securitytracker.com:
Simple Message Board Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Belkin Wireless Router Grants Administrative Access to Remote Users. Read more

www.spidynamics.com:
Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2. Read more

 

News
Microsoft Security Advisory (904797)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service. Read more

news.zdnet.co.uk:
Opanki worm lives again on AIM. Read more

www.prweb.com:
Spyware.PCWash.com Renews Agreement with TrekBlue's Spyware Nuker Spyware Software and Spyware Remover to Offer Internet Users Effective Anti Spyware Software. Read more

www.theinquirer.net:
Turks set up alternative internet. Read more

. 16 July 2005

Guides, Papers, etc
www.windowsecurity.com:
The Student, the Teacher, and Optix Pro (Part 3). Read more

www.exploitx.com:
Rooting Linux with a floppy. Read more

today.reuters.com:
PluggedIn: White lies help stressed computer users. Read more

users.ece.gatech.edu:
Windows 2000 Root Kit Analysis. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Clever Copy Input Validation Hole in 'calendar.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Macromedia ColdFusion May Generate Duplicate Authentication Tokens in Certain Cases. Read more

securitytracker.com:
Macromedia JRun May Generate Duplicate Authentication Tokens in Certain Cases. Read more

securitytracker.com:
Sophos Anti-Virus Engine Infinite Loop in Processing BZIP2 Archives Lets Remote Users Deny Service. Read more

securitytracker.com:
MooseGallery 'display.php' Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
class-1 Forum Software Lets Remote Users Conduct Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
Clever Copy Lets Remote Users Conduct Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
Winamp MP3 ID3v2 Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CUPS Case Sensitive Location Directive May Let Remote Users Bypass Access Controls. Read more

 

News
www.theregister.co.uk:
Dell rejects spyware charge. Read more

www.theregister.co.uk:
Hackers attack Mozilla site to spread spam. Read more

www.zdnet.com.au:
Sophos hunts down zombie systems. Read more

www.technewsworld.com:
Trojan Horse Seeks Personal Financial Data. Read more

www.techweb.com:
Phishers Up Ante With 5x Spike In Trojans. Read more

www.terra.net.lb:
Greek police arrest alleged Internet fraudster preying on US bank accounts. Read more

sfgate.com:
Privacy is easy to breach. Read more

www.informationweek.com:
Trial Begins Against Accused Hacker. Read more

www.theinquirer.net:
Criminal caught by computer game. Read more

www.theinquirer.net:
Man campaigns for end to immoral games. Read more

www.technewsworld.com:
Hacker Tells of Bungle That May Have Cost $1 Million. Read more

www.eweek.com:
Maybe They Should Call It MS Pro-Spyware. Read more

software.silicon.com:
Critical flaws mar authentication tech. Read more

. 15 July 2005

Guides, Papers, etc
www.microsoft.com:
Setup and Maintenance Tips. Read more

 

Vulnerabilities & Exploits
xforce.iss.net:
Cisco VoIP Call Manager Remote Compromise. Read more

www.coresecurity.com:
MailEnable Buffer Overflow Vulnerability. Read more

securitytracker.com:
PHPsFTPd Grants Administrative Access to Remote Users. Read more

securitytracker.com:
Web-Portal-System 'wps_shop.cgi' Remote Command Execution. Read more

securitytracker.com:
NetPanzer Lets Remote Users Cause the Server to Enter and Endless Loop. Read more

securitytracker.com:
PHPCounter Input Validation Hole in EpochPrefix Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Hosting Controller Input Validation Hole in 'listreason.asp' Lets Remote Authenticated Users Injection SQL Commands. Read more

securitytracker.com:
Cisco Security Agent IP Packet Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco ONS 15216 OADM Telnet Processing Error Lets Remote Deny Service. Read more

securitytracker.com:
Darwin Streaming Server Web Admin Interface Lets Remote Users Deny Service. Read more

www.fr33d0m.net:
ZoneAlarm remote exploit. Read more

 

News
www.smh.com.au:
UN wants to reduce US net dominance. Read more

www.theregister.co.uk:
Another pitch to Parliament for Denial of Service law. Read more

seattlepi.nwsource.com:
In smarts, she's a perfect 10
'Pakistan's girl wonder' is likely the youngest certified Microsoft expert. Read more

www.pcworld.com:
Trend Micro Bug Proves Costly. Read more

www.theregister.co.uk:
Flaws in BT chat sites expose users. Read more

insight.zdnet.co.uk:
The NASA hacker: Scapegoat or public enemy? Read more

news.zdnet.co.uk:
British hacker shines light on poor IT security. Read more

software.silicon.com:
Nasa hacker "frightened" by ease of entry. Read more

www.securitypark.co.uk:
Sender ID is Not an Anti-Spam Solution. Read more

www.technewsworld.com:
Hacker Tells of Bungle That May Have Cost $1 Million. Read more

www.theregister.co.uk:
Oz music hyperlinker guilty of copyright infringement. Read more

. 14 July 2005

Guides, Papers, etc
www.securityfocus.com:
Desktop port proliferation a security risk? Read more

www.securityfocus.com:
Microsoft and Claria, together at last? Read more

www.eweek.com:
Strive for Authentication, But Don't Count on It. Read more

 

Tools:
www.knowledgecave.com:
KCPentrix is liveCD design to be a standalone Penetration testing toolkit for pentesters and security analysts. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
UPB Gold 1.9.6 XSS poc exploit. Read more

www.rgod.altervista.org:
UPB Gold 1.9.6 various XSS vulnerability. Read more

www.rgod.altervista.org:
Mambo 4.5.2.3 Cross Site Scripting poc exploit. Read more

www.rgod.altervista.org:
PHPSiteSearch 1.7.7d Cross Site Scripting poc exploit. Read more

www.debian.org:
DSA-756-1 squirrelmail -- several vulnerabilities. Read more

www.debian.org:
DSA-755-1 tiff -- buffer overflow. Read more

www.debian.org:
DSA-754-1 centericq -- insecure temporary file. Read more

www.cisco.com:
Cisco ONS 15216 OADM Telnet Denial-of-Service Vulnerability. Read more

securitytracker.com:
Check Point SecuRemote NG May Disclose Password Information to Local Users. Read more

securitytracker.com:
Mozilla Firefox Shared Object Access Control Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Standalone Application Support May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Hosting Controller Input Validation Hole in Search Box Lets Remote Users Injection SQL Commands. Read more

securitytracker.com:
oaboard Discloses Installation Path to Remote Users. Read more

 

News
www.informationweek.com:
Trial Begins Against Accused Hacker. Read more

www.theregister.co.uk:
Phlooding attack could leave enterprises high and dry. Read more

www.theregister.co.uk:
Could blogging spread computer worms? Read more

www.theregister.co.uk:
Leave hacker scum to rot, says MP. Read more

www.detnews.com:
VoIP study, Powell as partner, BitTorrent browser, Banking security. Read more

www.theregister.co.uk:
Three critical fixes in MS July security update. Read more

news.com.com:
Flaws could open systems to attack. Read more

news.com.com:
Alleged hacker: U.S. defense sites poorly secured. Read more

www.theregister.co.uk:
Firefox update completes busy patching day. Read more

www.techweb.com:
Word Bug Shows Trend In File Format Hacks. Read more

news.com.com:
Death penalty for virus writers? Read more

news.zdnet.com:
VeriSign buys iDefense for $40 million. Read more

. 13 July 2005

Guides, Papers, etc
www.microsoft.com:
What to do if you're a victim of credit card fraud. Read more

www.icann.org:
DOMAIN NAME HIJACKING: INCIDENTS, THREATS, RISKS, AND REMEDIAL ACTIONS. Read more

pacsec.jp:
World Security Pros To Converge on Japan. Read more

Analysis of a win32 userland rootkit by Kdm. Read more

informationweek.com:
Five Network Security Secrets. Read more

news.com.com:
Microsoft on ID theft watch. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow Vulnerability. Read more

xforce.iss.net:
Microsoft ICM Image Compromise. Read more

www.cisco.com:
Cisco CallManager Memory Handling Vulnerabilities. Read more

www.debian.org:
DSA-753-1 gedit -- format string. Read more

www.rgod.altervista.org:
phpbb2root by rgod (version 2.0.15). Read more

securitytracker.com:
Oracle Database Has Multiple Flaws That May Let Remote Users Access the Database. Read more

securitytracker.com:
Apple Mac OS X TCP/IP Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Kerberos krb5_recvauth() Double-Free Error May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MIT krb5 KDC Buffer Overflow in 'do_as_req' and 'do_tgs_req' May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Office Buffer Overflow in Parsing Fonts Lets Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
Microsoft Microsoft Color Management Module Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MIMEsweeper for Web May Let Remote Code Bypass the Portable Code Manager. Read more

securitytracker.com:
Cisco CallManager Memory Management Bugs Let Remote Users Deny Service and Execute Arbitrary Code. Read more

securitytracker.com:
SGI arrayd arshell May Grant a Root Shell to Remote Authenticated Users or Local Users. Read more

securitytracker.com:
Moodle Has Unspecified Security Bugs. Read more

securitytracker.com:
F5 BIG-IP Unspecified SSL Authentication Bug May Let Remote Users Deny Service. Read more

securitytracker.com:
Dragonfly Commerce Lets Remote Users Modify Pricess and Inject SQL Commands. Read more

securitytracker.com:
wMailServer Can Be Crashed By Remote Users and Discloses Passwords to Local Users. Read more

securitytracker.com:
Blog Torrent May Disclose Hashed Password to Remote Users. Read more

securitytracker.com:
iPhotoAlbum Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Squito Gallery Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Hosting Controller 'addsubsite_online.asp' Lets Remote Authenticated Users Create New Accounts. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Summary for July, 2005. Read more

www.theregister.co.uk:
Sophos glitch leaves PCs hanging. Read more

www.wired.com:
Giving New Meaning to 'Spyware'. Read more

www.theregister.co.uk:
ICANN warns world of domain hijacking. Read more

www.theinquirer.net:
Acxiom hacker trial opens. Read more

www.zdnet.com.au:
Spammers use anti-spam protocols to bypass filters. Read more

www.silicon.com:
Cyber cops investigate Manchester police DoS attack. Read more

news.com.com:
Document security? Tell me another joke. Read more

www.thecouriermail.news.com.au:
Trojan horror virus. Read more

www.theregister.co.uk:
Dutch file-swapper case collapses. Read more

. 12 July 2005

Guides, Papers, etc
www.slate.com:
The Filtered Future. China's bid to divide the Internet. Read more

www.defcon.org:
DefCon 13 will be held at the Alexis Park in Las Vegas, Nevada, July 29-31, 2005. Read more

www.securityfocus.com:
The Price is Right. Read more

www.windowsecurity.com:
Treating Infected Systems. Read more

www.webappsec.org:
DOM Based Cross Site Scripting or XSS of the Third Kind. Read more

i.i.com.com:
Hook, Line and Sinker: Phishing Attacks Going �Professional�. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-752-1 gzip -- several vulnerabilities. Read more

www.debian.org:
DSA-751-1 squid -- IP spoofing. Read more

www.debian.org:
DSA-750-1 dhcpcd -- out-of-bound memory access. Read more

securitytracker.com:
MSN Messenger Protocol '.pif' Group Conversation Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Hosting Controller 'AccountActions.asp' Access Control Bug Lets Remote Authenticated Users Modify Their Credit Limit. Read more

securitytracker.com:
Linux Kernel Race Condition in ia32 Compatability Code Yields Root Privileges to Local Users. Read more

securitytracker.com:
Lotus Notes HTML Attachment Processing Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell NetMail HTML Attachment Processing Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Id Board 'tbl_suff' Input Validation Hole Lets Remote Users Injection SQL Commands. Read more

securitytracker.com:
SPiD Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
PPA Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

www.securiteam.com:
Notify Message Spoofing Vulnerability With VoIP Phones (Exploit). Read more

 

News
www.theregister.co.uk:
Zombie bots fuel spyware boom. Read more

software.silicon.com:
Zombies: There are too many of them, say McAfee. Read more

news.zdnet.com:
Report: Computer hijacking on the rise. Read more

www.theinquirer.net:
Microsoft's hacker says he deserves a job in Redmond. Read more

blogs.zdnet.com:
Spyware a national security threat? Read more

www.theregister.co.uk:
Pentagon �ber-hacker rap sheet spills attack details. Read more

news.zdnet.com:
Microsoft denies its antispyware favors Claria. Read more

www.theregister.co.uk:
Longhorn following Unix on security? Read more

news.zdnet.com:
Microsoft learns to live with open source. Read more

www.wired.com:
Google Squashes 'Typosquatting'. Read more

software.silicon.com:
Hacker mag closure spells bad news for security. Read more

www.theregister.co.uk:
Hacker magazine shuts up shop. Read more

www.technewsworld.com:
Punishment Inconsistent for Convicted Hackers. Read more

www.vnunet.com:
Soft Sasser sentence slammed. Read more

www.computerworld.com:
Internet Banking Security: Separating Fact From Fiction. Read more

news.com.com:
Antispam spec sets off on path to standard. Read more

news.com.com:
Group delivers definition of spyware. Read more

www.technewsworld.com:
Floridian Faces Wireless Trespassing Charges. Read more

news.com.com:
Feds blacklist 'illegal' Cuban Web sites. Read more

. 11 July 2005

Guides, Papers, etc
www.usenix.org:
14th USENIX Security Symposium. Read more

www.toorcon.org:
ToorCon 2005 Call For Papers. Read more

msevents.microsoft.com:
TechNet Webcast: Information about Microsoft July Security Bulletins (Level 100). Read more

kerneltrap.org:
OpenBSD Hackathon 2005, Part III. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-749-1 ettercap -- format string error. Read more

www.debian.org:
DSA-747-1 egroupware -- input validation error. Read more

www.debian.org:
DSA-745-1 drupal -- input validation errors. Read more

secunia.com:
zlib "inftrees.c" Buffer Overflow Vulnerability. Read more

 

News
www.net4now.com:
Hacking magazine closes. Read more

www.arnnet.com.au:
IT security 'worse than root canal'. Read more

www.vnunet.com:
Trojan capitalises on London bombings. Read more

seattlepi.nwsource.com:
Microsoft Notebook: Gates hints at sharing Xbox secrets. Read more

news.zdnet.co.uk:
Microsoft: Identity challenge will have many solutions. Read more

insight.zdnet.co.uk:
The public face of Microsoft privacy. Read more

www.arnnet.com.au:
Microsoft encroaching on storage territories. Read more

www.theregister.co.uk:
Microsoft's Ballmer tells lurvely partners to stick it to IBM. Read more

www.nytimes.com:
In Video Game, a Download Unlocks Hidden Sex Scenes. Read more

www.vnunet.com:
Yahoo launches SMS search. Read more

www.wired.com:
Cops Watched Sex Offender's Blog. Read more

www.sophos.com:
Suspected gang who stole from online game players arrested in Korea, Sophos reports. Read more

www.nytimes.com:
Flaw Is Found in Software Used to Accredit Hospitals. Read more

www.globes.co.il:
2 indictments against 9 PIs in Trojan Horse affair. Read more

www.ciol.com:
Offshoring security? India still hot. Read more

www.ciol.com:
New wireless broadband uses radio waves. Read more

. 10 July 2005

Guides, Papers, etc
www.windowsecurity.com:
The Student, the Teacher, and Optix Pro (Part 1). Read more

www.windowsecurity.com:
The Student, the Teacher, and Optix Pro (Part 2). Read more

www.windowsecurity.com:
NAT Traversal (NAT-T) Security Issues. Read more

www.emsisoft.com:
The Dialer-Problem in Detail. Read more

www.pcworld.com:
Your Privacy? It's Toast. Read more

www.pcworld.com:
Can You Trust Your Spyware Protection? Read more

mdn.mainichi-msn.co.jp:
Chinese hacker steals info on 160,000 travel agency customers. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
CA eTrust SiteMinder Input Validation Bug in 'smpwservicescgi.exe' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpWishList Grants Administrative Access to Remote Users. Read more

securitytracker.com:
Xerox WorkCentre Pro Web Service Lets Remote Users Bypass Authentication, Obtain Files, Modify Web Pages, or Deny Service. Read more

securitytracker.com:
Bugzilla Lets Remote Users Modify Flags and May Disclose Private Bug Summaries to Remote Users. Read more

securitytracker.com:
MailEnable Professional Flaw in HTTPMail Service May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
pngren 'kaiseki.cgi' Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

 

News
www.internetnews.com:
No Jail Time For Sasser, Netsky Author. Read more

today.reuters.com:
Microsoft rewards Sasser worm informants. Read more

software.silicon.com:
Sasser writer free to return to his job. Read more

www.computerworld.com:
Lawyers disagree over punishment in Sasser trial. Read more

software.silicon.com:
Sick virus writer exploits London bomb blast. Read more

www.theregister.co.uk:
VXers release 'London bombing' Trojan. Read more

www.computerworld.com:
Microsoft preps disk-based recovery system. Read more

www.rednova.com:
Hacker Gets into USC Data Base. Read more

www.kobtv.com:
USC tells 270,000 applicants a hacker may have accessed their records. Read more

www.antiphishing.org:
Phishing Alert: NCUA- '*** WARNING: Security Issues ***'. Read more

. 09 July 2005

Guides, Papers, etc
www.toorcon.org:
ToorCon 2005 Call for Papers. Read more

www.securityfocus.com:
Who owns the information? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Tivoli Management Framework Endpoint Service (lcfd) Lets Remote Users Deny Service. Read more

securitytracker.com:
phpAuction Bugs Let Remote Users Conduct Cross-Site Scripting and SQL Injection Attacks and Bypass Authentication. Read more

securitytracker.com:
McAfee Security Management System Lets Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX ftpd Port Timeout Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
PunBB Input Validation Hole in 'profile.php' Permits SQL Injection and pun_include Flaw May Permit PHP Code Execution. Read more

securitytracker.com:
Comersus Input Validation Flaws in 'email', 'idProduct', 'name', and 'message' Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
CartWIZ Input Validation Holes in 'id', 'idProduct', 'sortType', and 'message' Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users. Read more

securitytracker.com:
phpSlash Access Control Bug in saveProfile() Lets Remote Authenticated Users Hijack Accounts. Read more

securitytracker.com:
phpPgAdmin Input Validation Hole in 'formLanguage' Discloses Files to Remote Users. Read more

www.debian.org:
DSA-744-1 fuse -- programming error. Read more

www.debian.org:
DSA-743-1 ht -- buffer overflows, integer overflows. Read more

www.debian.org:
DSA-742-1 cvs -- buffer overflow. Read more

 

News
www.securityfocus.com:
Microsoft to reward informants after Sasser conviction. Read more

www.terra.net.lb:
Creator of Sasser Internet worm gets suspended sentence. Read more

www.computerworld.com.au:
MessageLabs Warns: Two New Strains of Trojan Downloader on the Loose. Read more

www.vnunet.com:
'Spam report' Trojan spreading fast. Read more

news.zdnet.co.uk:
Library flaw puts applications at risk. Read more

news.zdnet.co.uk:
Microsoft: Identity challenge will have many solutions. Read more

news.zdnet.co.uk:
Exploit published for old Firefox flaw. Read more

news.zdnet.co.uk:
On-the-run spammer caught and canned. Read more

www.terra.net.lb:
South Koreans develop new high-speed computer circuit board. Read more

. 08 July 2005

Tools:
afick.sourceforge.net:
AFICK (Another File Integrity CHecker). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
oftpd Buffer Overflow in USER Command May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PrivaShare Lets Remote Users Deny Service. Read more

securitytracker.com:
MakeBid Auction Deluxe Input Validation Hole Permits Remote Command Execution. Read more

securitytracker.com:
phpSecurePages Include File Bug in 'secure.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Capturix ScanShare Discloses Password to Local Users. Read more

securitytracker.com:
FSBoard Input Validation Hole Discloses Files to Remote Users. Read more

securitytracker.com:
BudgeTone SIP Phone Lets Remote Users Spoof SIP-Notify-Messages Packets. Read more

securitytracker.com:
Cisco 7940/7960 Lets Remote Users Spoof SIP-Notify-Messages Packets. Read more

securitytracker.com:
Internet Download Manager Buffer Overflow in Processing Long URLs Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-742-1 cvs -- buffer overflow. Read more

www.debian.org:
DSA-741-1 bzip2 -- infinite loop. Read more

 

News
news.com.com:
Trojan horses gallop into networks. Read more

www.theregister.co.uk:
Spyware fears prompt changing net habits. Read more

www.theregister.co.uk:
MS UK defaced in hacking attack. Read more

www.theregister.co.uk:
MS downgrades Claria adware detection. Read more

www.broadbandreports.com:
MS Downgrades Claria Detections. Read more

www.globes.co.il:
2 indictments against 9 PIs in Trojan Horse affair. Read more

money.cnn.com:
Man charged with wireless trespassing. Read more

www.networkingpipeline.com:
Florida Man Charged With Stealing Wi-Fi Signal. Read more

www.eweek.com:
Law and Order on the Internet by Larry Seltzer. Read more

www.technewsworld.com:
Sasser Creator Expected to Get Suspended Sentence. Read more

www.technewsworld.com:
Is It Spyware or Adware? Read more

www.theglobeandmail.com:
Keystroke logging a no-no in Alberta. Read more

www.vnunet.com:
Windows and Office patches ahead. Read more

www.computerworld.com.au:
Hackers for hire. Read more

news.com.com:
Wide-ranging flaw crashes programs. Read more

www.net4now.com:
Computer users turning into DIY security experts. Read more

www.technewsworld.com:
IM Becoming More Popular Malware Target, Study Finds. Read more

news.com.com:
Microsoft's personnel puzzle. Read more

news.bbc.co.uk:
Man convicted for chipping Xbox. Read more

www.washingtonpost.com:
Thanks for Listening. Read more

www.vnunet.com:
Microsoft and France Telecom get into VoIP. Read more

. 07 July 2005

Guides, Papers, etc
RAID 2005
Eighth International Symposium on Recent Advances in Intrusion Detection. Read more

www.cgisecurity.com:
Anatomy of the web application worm. Read more

 

Tools:
www.microsoft.com:
Microsoft Shared Computer Toolkit for Windows XP (Beta). Read more

Detect Hidden Connections
This is a little program to detect if a rootkit is hiding a port. Read more

www.eeye.com:
eEye Digital Security Announces Availability of Blink� 2.0. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PhotoGal Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Dansie Shopping Cart Discloses Variables File to Remote Users. Read more

securitytracker.com:
Jaws 'BlogModel.php' Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
'probe.cgi' Input Validation Hole in 'olddat' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Adobe Reader Incorrect Temporary File Permissions May Disclose PDF Files to Local Users. Read more

securitytracker.com:
Adobe Reader Buffer Overflow in UnixAppOpenFilePerform() May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Popper May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mark Kronsbein's MyGuestbook Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
QuickBlogger Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ASPWebMail Discloses Database to Remote Users. Read more

securitytracker.com:
ASPKnowledgeBase Discloses Database to Remote Users. Read more

securitytracker.com:
FileMan Discloses Database to Remote Users. Read more

www.securiteam.com:
Internet Download Manager URL Stack Overflow (Exploit). Read more

www.securiteam.com:
Mozilla Platform's Code Execution Vulnerabilities (Exploit). Read more

www.securiteam.com:
TCP Chat(TCPX) DoS (Exploit). Read more

www.securiteam.com:
Drupal Code Injection (SA-2005-002, Exploit). Read more

www.securiteam.com:
phpBB Remote PHP Code Execution (viewtopic.php, Perl). Read more

www.securiteam.com:
Access Remote PC Password Disclosure (Exploit). Read more

www.securiteam.com:
XMLRPC Remote Commands Execution (Exploit). Read more

 

News
www.vnunet.com:
Longhorn locked down to fight hackers. Read more

www.vnunet.com:
Microsoft offers temporary fix for 'extremely critical' flaw. Read more

news.com.com:
Suspected spam king to appear in court. Read more

news.com.com:
Americans changing tack to shake off spyware. Read more

news.com.com:
Exploit heightens risk from old Firefox flaw. Read more

today.reuters.com:
Net users change habits to avoid spyware-survey. Read more

mdn.mainichi-msn.co.jp:
Chinese hacker steals info on 160,000 travel agency customers. Read more

news.zdnet.co.u:
Integration needed to shore up security holes. Read more

news.zdnet.co.u:
Microsoft: 'We won't charge to fix vulnerabilities'. Read more

news.com.com:
Hacking for dollars. Read more

. 06 July 2005

Vulnerabilities & Exploits
Eksperymentalny Klient Gadu-Gadu (EKG) Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Geeklog Input Validation Hole When Retrieving Article Comments Permits SQL Injection Attacks. Read more

securitytracker.com:
PPxP Privileged Log File Access May Let Local Users Gain Root Privileges. Read more

securitytracker.com:
ASPjar GuestBook Input Validation Hole Permits SQL Injection. Read more

securitytracker.com:
ListPics Discloses Database to Remote Users. Read more

securitytracker.com:
Access Remote PC Discloses Password to Local Users. Read more

securitytracker.com:
Quick Dirty PHP Source Printer Input Validation Hole Discloses Files to Remote Users. Read more

securitytracker.com:
GlobalNoteScript Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Log4sh Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.zataz.net:
ekg insecure temporary file creation and arbitrary code execution. Read more

www.zataz.net:
kpopper insecure temporary file creation. Read more

www.idefense.com:
Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability. Read more

 

News
www.vnunet.com:
Virus writer confesses guilt. Read more

www.vnunet.com:
Hackers turn to root kits for web attacks. Read more

constitutionalcode.blogspot.com:
DNS Poisoning Requested From Providers by Rights Organisation. Read more

www.asahi.com:
Spyware suspected in illegal money transfers. Read more

www.securityfocus.com:
Flawed USC admissions site allowed access to applicant data. Read more

www.theregister.co.uk:
China opens net addiction clinic. Read more

www.techworld.com:
Microsoft to offer fix for another IE vulnerability. Read more

imlogic.com:
IMlogic Threat Center Reports Significant Rise in Targeted Attacks on Instant Messaging Networks in Q2 2005. Read more

www.vnunet.com:
IT directors 'unaware' of email threat. Read more

www.theregister.co.uk:
Brit nicked for hacking Xbox. Read more

. 05 July 2005

Guides, Papers, etc
www.computerworld.com.au:
Open source vs. Windows: security debate rages. Read more

Hall Of Shame.
This wiki page is dedicated to the thousands of applications that break when run as non-admin. Read more

VX Reversing I, the basics by Eduardo Labir. Read more

 

Vulnerabilities & Exploits
seclists.org:
[Full-disclosure] alert: the 111111 bug. Read more

securitytracker.com:
osTicket Lets Remote Users Include Local Files and Inject SQL Commands. Read more

securitytracker.com:
K-Meleon Error in Processing Empty Javascript Functions Lets Remote Users Deny Service. Read more

securitytracker.com:
TCP Chat Lets Remote Users Crash the Service. Read more

securitytracker.com:
JBoss jBPM Lets Remote Users Execute Arbitrary Applications and Obtain System Information Disclosure. Read more

www.illegalaccess.org:
Security Advisory: JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting. Read more

www.zataz.net:
log4sh insecure temporary file creation. Read more

 

News
www.vnunet.com:
Hackers crack two-factor security. Read more

www.theregister.co.uk:
Symbian Trojan drains the life from phones. Read more

www.geekzone.co.nz:
New Symbian trojan Doomboot.A prevents phone from booting. Read more

www.theregister.co.uk:
Warning over unpatched IE bug. Read more

news.zdnet.co.uk:
Criminals send malware levels soaring. Read more

www.techworld.com:
Web apps compromised by security hole. Read more

news.com.com:
The coming Web security woes. Read more

www.theregister.co.uk:
Pop-up smut tops spyware chart. Read more

news.bbc.co.uk:
Sasser worm suspect goes on trial. Read more

www.theregister.co.uk:
Silicon beats carbon in chess battle. Read more

www.theregister.co.uk:
China signs anti-spam pact. Read more

www.channelregister.co.uk:
CA boss charges detailed. Read more

www.itnews.com.au:
US feds revise case against Sanjay Kumar. Read more

www.cxotoday.com:
Phishing Attacks Up By More Than 200%. Read more

. 04 July 2005

Guides, Papers, etc
www.eweek.com:
RSS in Longhorn: The Security Question. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
SunONE Web Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

securitytracker.com:
Oracle Application Server Web Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

securitytracker.com:
IBM WebSphere May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

securitytracker.com:
BEA WebLogic May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

securitytracker.com:
Tomcat May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

securitytracker.com:
Microsoft Internet Information Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks. Read more

 

News
australianit.news.com.au:
Security our biggest concern: Gates. Read more

www.itnews.com.au:
Trojan filters packets to isolate users. Read more

www.technewsworld.com:
Zombies on the Rise, Stalking the Internet. Read more

www.eweek.com:
Today's Hackers Code for Cash, Not Chaos. Read more

www.technewsworld.com:
Malware for Money: Zafi, Sober, Netsky Still Haunting Net. Read more

www.technewsworld.com:
Banks Try to Make Online Account Access More Secure. Read more

www.technewsworld.com:
Threat From Mobile Device Viruses a Sleeping Giant. Read more

www.nytimes.com:
Once Again, Microsoft Faces Antitrust Suit. Read more

www.itnews.com.au:
Microsoft confirms IE security flaw. Read more

www.rednova.com:
Hacker Hits Airport Web Site. Read more

www.vnunet.com:
Trojan attacks double in June. Read more

www.zdnet.com.au:
RSA and CA accused of sending 'stupid' e-mails. Read more

www.businessweek.com:
Swedes undeterred by online piracy ban. Read more

www.itnews.com.au:
Phishing up by 226 percent. Read more

news.bbc.co.uk:
Google maps shows the way forward. Read more

. 03 July 2005

Guides, Papers, etc
Shoot the Messenger: IM Worms by infectionvectors.com. Read more

 

New Trojans June

 

Vulnerabilities & Exploits
securitytracker.com:
Cacti Input Validation Holes Let Remote Users Inject SQL Commands, Bypass Authentication, and Execute Arbitrary Commands. Read more

securitytracker.com:
Oracle Application Server Web Cache Lets Remote Users Conduct HTTP Request Smuggling Attacks. Read more

securitytracker.com:
Sun Java System Web Proxy Server Lets Remote Users Conduct HTTP Request Smuggling Attacks. Read more

securitytracker.com:
Check Point FireWall-1 HTTP Request Smuggling May Let Remote Users Bypass Web Intelligence Features. Read more

securitytracker.com:
Microsoft ISA Server May Accept HTTP Authentication Even When SSL Is Required. Read more

securitytracker.com:
Nabopoll Include File Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Golden FTP Server Discloses Files and the Installation Path to Remote Authenticated Users. Read more

securitytracker.com:
Microsoft Front Page May Crash When Editing a Specially Crafted Web Page. Read more

securitytracker.com:
Simple Machines Forum Input Validation Hole in 'msg' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Squid HTTP Header Processing Lets Remote Users Smuggle HTTP Requests. Read more

 

News
www.siliconvalley.com:
U.S. decision on Internet's key computers raises concerns. Read more

wired-vig.wired.com:
Map Hacks on Crack. Read more

www.itp.net:
Firms �overhyping� virus dangers, claims Gartner. Read more

www.itp.net:
Hackers attack Mashreqbank. Read more

www.newscientist.com:
Computer viruses become hacker informants. Read more

. 02 July 2005

New Trojans June

 

Guides, Papers, etc
www.securityfocus.com:
Reverse engineering patches making disclosure a moot choice? Read more

www.securityfocus.com:
Open-source projects get free checkup by automated tools. Read more

www.eweek.com:
A Brand New Internet? Read more

slate.msn.com:
Internet2. It's better, it's faster. You can't use it. Read more

 

Tools:
www.microsoft.com:
Microsoft Baseline Security Analyzer v2.0 (for IT Professionals). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Netscape Error in Processing Empty Javascript Functions Lets Remote Users Deny Service. Read more

securitytracker.com:
NetBSD Audio Subsystem Lets Local Users Deny Service. Read more

securitytracker.com:
Prevx Pro Lets Local Users Modify Files and Spoof Driver Messages. Read more

securitytracker.com:
Community Link Pro Input Validation Hole in 'file' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
SSH Secure Shell Server Discloses Host Key to Local Users and Remote Authenticated Users. Read more

securitytracker.com:
SSH Tectia Server Discloses Host Key to Local Users and Remote Authenticated Users. Read more

www.debian.org:
DSA-736-1 spamassassin -- remote DOS. Read more

www.debian.org:
DSA-735-1 sudo -- pathname validation race. Read more

 

News
www.theregister.co.uk:
Malware authors up the ante. Read more

www.computerworld.com:
IE bug can crash browser. Read more

www.computerworld.com:
U.S. makes about-face on Internet directories. Read more

www.wired.com:
Net Pioneer Wants New Internet. Read more

news.zdnet.co.uk:
Corporate anti-spyware spending tipped to boom. Read more

www.theregister.co.uk:
Feds deploy massive anti-piracy dragnet. Read more

www.khaleejtimes.com:
Warning against e-mail virus. Read more

www.cio-today.com:
Exploit Circulates for Veritas Backup Exec Software. Read more

www.computerworld.com:
Update: Microsoft to pay IBM $775M in antitrust settlement. Read more

www.surfcontrol.com:
Male Workers Help Spread the Spyware Surge. Read more

. 01 July 2005

New Trojans June

 

Guides, Papers, etc
www.benedelman.org:
Microsoft to Buy Claria? Read more

www.securityfocus.com:
Rats in the security world. Read more

www.biosmagazine.co.uk:
Announcing Ethical Hacking 101 course in London and Brussels. Read more

www.infoworld.com:
German tech university offers summer hacking course. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
FreeBSD ipfw Packet Lookup Error May Let Packets Bypass the Firewall. Read more

securitytracker.com:
FreeBSD TCP PAWS Timestamp and TCP Options Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Clam AntiVirus cli_scanszdd() and ENSURE_BITS() Errors Let Remote Users Deny Service. Read more

securitytracker.com:
Cisco IOS RADIUS Fallback 'None' Authentication Error Lets Remote Users Bypass Authentication. Read more

www.securiteam.com:
phpBB Remote PHP Code Execution (viewtopic.php 2). Read more

www.securiteam.com:
PHP-Fusion Accessible Database Backups Download (Exploit). Read more

www.securiteam.com:
Vulnerability in Message Queuing Allows Code Execution (MS05-017, Exploit 2). Read more

www.securityfocus.com:
Microsoft Windows NTFS Information Disclosure. Read more

www.debian.org:
DSA-733-1 crip -- insecure temporary files. Read more

 

News
news.zdnet.co.uk:
Trojans from China attacking UK. Read more

news.zdnet.co.uk:
Spam postcard delivers nasty surprise. Read more

www.theregister.co.uk:
Anti-spam success drives malware authors downmarket. Read more

www.theregister.co.uk:
Men blamed for spyware surge. Read more

www.theregister.co.uk:
Google slapped with click fraud class action. Read more

www.rednova.com:
Hacker Posts Crack for Google Software. Read more


Copyright� MegaSecurity.org