Home    News Archive    Translate Traducen
News July 2006
31 July 2006

Guides, Papers, etc
www.whitedust.net:
Fun Things To Do With Your Honeypot. Read more

video.google.com:
Video: Malware Analysis: Drive-by Download. Watch

blogs.securiteam.com:
Mitigating botnet C&Cs has become useless. Read more

blogs.securiteam.com:
Yahoo! Finance sites as target of attackers. Read more

blogs.securiteam.com:
�Delete That�. Read more

blogs.securiteam.com:
NASA sites running OS X defaced. Read more

isc.sans.org:
Attacks against Joomla com_peoplebook (NEW). Read more

arstechnica.com:
Recycle Bin not enough, Microsoft adds "Previous Versions" support on the file system level. Read more

www.pcadvisor.co.uk:
Microsoft gambles on Vista security: part two. Concerns behind delays to OS. Read more

www.spidynamics.com:
Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #31: Safari KHTMLParser::popOneBlock. Read more

browserfun.blogspot.com:
MoBB #30: Orphan Object Properties. Read more

securitytracker.com:
Sun N1 Grid Engine Buffer Overflows Let Local Users Shutdown the Grid Service or Gain Elevated Privileges. Read more

securitytracker.com:
Windows Server Service Unspecified Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
TWiki Configuration Script TYPEOF Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.eweek.com:
Vista, Rootkits Headline Hacker Confab. Read more

www.theinquirer.net:
Microsoft puts its welfare over your security. Read more

news.zdnet.co.uk:
JavaScript attack maps secure networks. Read more

www.itp.net:
99% of Arab websites suffer from security flaws, according to report. Read more

. 29 July 2006

Guides, Papers, etc
www.spidynamics.com:
Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript. Read more

blogs.ittoolbox.com:
Use Javascript? Prepare To Be 0wn3d. Read more

www.internetnews.com:
Black Hat 2006: Feeling Insecure in Sin City. Read more

i.cmpnet.com:
Audio: NWC Interview: Arthur W. Coviello, Jr., CEO, RSA Security Inc. Listen

www.podtrac.com:
Audio: Security Now! 50: Intro to Virtualization. Listen

www.techweb.com:
5 Ways To Get Vista's Security Now. Read more

techweb.com:
Top 10 Windows Vista Hits & Misses. Read more

www.microsoft.com:
Automatic Delivery of Internet Explorer 7. Read more

msnbc.msn.com:
Microsoft sees the beginning of the end for PCs. Read more

www.windowsecurity.com:
Understanding EFS. Read more

www.rootkit.com:
4.5 million copies of EULA-compliant spyware. Read more

blogs.zdnet.com:
Zango caught in lies about their software on MySpace? Read more

www.securitypronews.com:
The Russians Are Everywhere. Read more

www.securitypronews.com:
Security Issues Are Users' Fault? Read more

news.zdnet.com:
FAQ: JavaScript insecurities. Read more

news.zdnet.com:
Stopping fraud by blackballing PCs. Read more

www.darkreading.com:
Patch Work, Beyond Windows. Read more

blog.washingtonpost.com:
The Importance of the Limited User, Revisited. Read more

www.rickardliljeberg.com:
Best dell bug ever or is it a feature :-) Read more

voipforsmb.tmcnet.com:
Cellphone viruses. HAS YOUR PHONE HAD ITS SHOTS? Read more

 

Tools:
www.cipher.org.uk:
Google Source Code Bug Finder. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #29: ADODB.Recordset NextRecordset. Read more

securitytracker.com:
Heartbeat Shared Memory Error Lets Local Users Deny Service. Read more

securitytracker.com:
Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Brightmail AntiSpam Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
ZyXEL Prestige 660H-61 Router Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sun Java System Application Server UTF-8 URI Mapping Error Lets Remote Users View Certain Files. Read more

securitytracker.com:
Sun Java System Web Server UTF-8 URI Mapping Error Lets Remote Users View Certain Files. Read more

securitytracker.com:
PHP Pro Bid Input Validation Hole Permits Cross-Site Scripting Attacks and Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Etomite Input Validation Flaw in 'username' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Etomite 'rfiles.php' Lets Remote Users Upload and Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
U.S. Navy loses more sensitive data. Read more

www.securityfocus.com:
U.S. Army requires trusted computing. Read more

www.informationweek.com:
Microsoft Issues Tool To Block IE7 Auto Updates. Read more

arstechnica.com:
Big brother wants a window into VoIP at any cost. Read more

news.com.com:
JavaScript opens doors to browser-based attacks. Read more

today.reuters.com:
Microsoft fails to quash Vista fears. Read more

www.theregister.co.uk:
Developers cry foul over Windows kernel security. Read more

www.theregister.co.uk:
Tool uses Google to hunt for open source bugs. Read more

www.theregister.co.uk:
Magic Dell desktop switches off by text. Read more

. 28 July 2006

Guides, Papers, etc
wired.com:
The Sleazy Life and Nasty Death of Russia�s Spam King. Read more

www.f-secure.com:
Alert("Your new friend is a worm"); Read more

www.linuxextremist.com:
Windows� House of Cards. Read more

www.eweek.com:
Block E-Mail Bounces with BATV. Read more

blogs.msdn.com:
Your Tab Settings...Read more

blogs.ittoolbox.com:
Turning WiFi Thieves Worlds Upside Down. Read more

blogs.ittoolbox.com:
Evil: Striking Back At Spammers. Read more

comment.zdnet.co.uk:
Staying a step ahead of malware. Read more

gigaom.com:
Live From GoogleFi. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #28: Mozilla Navigator Object. Read more

securitytracker.com:
Proventia 'SMB_MailSlot_Heap_Overflow Decode' Parsing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
RealSecure 'SMB_MailSlot_Heap_Overflow Decode' Parsing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
BlackICE 'SMB_MailSlot_Heap_Overflow Decode' Parsing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris Performance Can Be Degraded via a TCP ACK Flood Attack. Read more

securitytracker.com:
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BosDates Include File Error in 'payment.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LinksCaffe Input Validation Holes Permits Cross-Site Scripting, SQL Injection, and Command Execution. Read more

securitytracker.com:
TP-Book Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Cisco VPN 3000 Concentrator IKE v1 Lets Remote Users Deny Service. Read more

securitytracker.com:
PHP Live! Include File Bug in 'header.php' Lets Remote Users Execute Arbitrary Code. Read more

 

News
news.zdnet.co.uk:
Security experts voice IE7 push concerns. Read more

software.silicon.com:
Beware 'suicidal' malware, says CyberTrust. Read more

www.securityfocus.com:
Social-networking sites rife with wormable flaws. Read more

www.agnitum.com:
Microsoft's Kernel Patch Protection Endangers Third-party Security Software Vendors. Read more

www.wired.com:
Confessions of a Cybermule. Read more

microisvjournal.wordpress.com:
Google�s Lawyers Admit To gmail Privacy Leak. Read more

www.wired.com:
Feds Want Hacker's Genetic Code. Read more

blog.wired.com:
Kaiser Joins Lost Laptop Crowd. Read more

www.scmagazine.com:
Man charged over medical college database theft. Read more

www.informationweek.com:
Hackers Face Prison Time For Boosting Grades. Read more

news.com.com:
Ballmer: Windows releases must come more quickly. Read more

. 27 July 2006

Guides, Papers, etc
news.bbc.co.uk:
Inside the great firewall of China. Read more

trends.newsforge.com:
Mark of the Microsoft Beast. Read more

www.wired.com:
How Bot Those Nets? Read more

adwords.google.com:
What's an invalid clicks report? How do I run one? Read more

www.f-secure.com:
CA vs F-Secure. Read more

www.it-observer.com:
Encryption: An alien concept? Read more

arstechnica.com:
Malicious toolbars and extensions try to hijack browsers. Read more

www.computerworld.com:
Recovery specialists bring data back from the dead. Read more

www.computerworld.com:
When encryption doesn't work. Read more

pubs.logicalexpressions.com:
Windows XP Security�The Big Joke. Read more

neworder.box.sk:
Bypassing software firewalls using process infection. Read more

 

Tools:
www.windowsfordevices.com:
Chip offloads WiFi security, encryption. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #27: NDFXArtEffects RGBExtraColor. Read more

www.frsirt.com:
Mozilla Products Multiple Remote Command Execution and Cross Site Scripting Vulnerabilities. Read more

securitytracker.com:
eIQnetworks Enterprise Security Analyzer Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PowerArchiver Buffer Overflow in 'DZIPS32.DLL' in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SpeedStream Web Administration Interface Lets Remote Users Deny Service. Read more

securitytracker.com:
AGEphone Buffer Overflow in 'sipd.dll' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apache Tomcat Discloses Directory Listings to Remote Users. Read more

securitytracker.com:
WoltLab Burning Board (wBB) 'sid' or 'wbb2_lastvisit' Cookie Parameters Permit Session Fixation Attacks. Read more

securitytracker.com:
KDE Desktop Locking/Screensave Activation May Fail. Read more

securitytracker.com:
IBM HTTP Server (IHS) Lack of Input Validation in Expect Header May Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
[Vulnerability Disputed] Vanilla Include File Error in 'setup/upgrader.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MusicBox Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

 

News
news.com.com:
Microsoft tags IE 7 'high priority' update. Read more

www.securityfocus.com:
Mac apps whacked by flaw finders. Read more

www.theregister.co.uk:
Netscape versus Digg. Read more

www.theregister.co.uk:
Google shows click fraud rates. Read more

www.informationweek.com:
Microsoft's New Home Page Shuns Firefox. Read more

english.vietnamnet.vn:
Installation of state sanctioned spyware begins. Read more

www.latimes.com:
2 Students Are Accused of Altering Grades in Computer Hacking Case. Read more

www.sfgate.com:
Navy Computers With Personal Data Stolen. Read more

www.msnbc.msn.com:
Computer holding personal data found. Read more

www.ktul.com:
Jenks Graduate Jailed In Grade Tampering Case. Read more

www.donotreply.com:
Kids Thank Warner Brothers for the Ads and Porn. Read more

. 26 July 2006

Guides, Papers, etc
www.darkreading.com:
Hacking the Vista Kernel. Read more

www.f-secure.com:
Video: Demo Video - Rogue Suspect. Read more

www.securityfocus.com:
After an Exploit: mitigation and remediation. Read more

www.returnpath.biz:
97% of IP addresses worthy of blocking. Read more

isc.sans.org:
A Few Thoughts on the Recent MySpace Worm (NEW). Read more

isc.sans.org:
�Order� e-mails and how to block them (NEW). Read more

www.infoworld.com:
McAfee cries wolf on open source . Blaming community development methods for malware woes is a self-serving smoke screen. Read more

www.microsoft.com:
Windows Principles. Twelve Tenets to Promote Competition. Read more

blogs.technet.com:
Windows Firewall: the best new security feature in Vista? Read more

irongeek.com:
Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY). Read more

 

Tools:
www.scatterchat.com:
ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory. Read more

www.cio-today.com:
Dell Intros New 802.11n Wireless Card. Read more

www.jakeludington.com:
Recover Deleted Files. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #26: Opera CSS Background. Read more

securitytracker.com:
Opsware Network Automation System Discloses MySQL Password to Local Users. Read more

securitytracker.com:
Password Safe May Fail to Lock the Password Database. Read more

securitytracker.com:
DynaZip Buffer Overflow in DZIP32.DLL/DZIPS32.DLL in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FireWall-1/VPN-1 Input Validation Hole in PKI Web Service Lets Remote Users View Files on the Underlying System. Read more

securitytracker.com:
Savant2 Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TippingPoint Intrusion Prevention System Lets Remote Users Bypass the Detection Mechanism. Read more

securitytracker.com:
BLOG:CMS Missing Input Validation in 'id' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sun Solaris IP_NEXTHOP Option Lets Local Users Bypass the Routing Table. Read more

securitytracker.com:
miniBB Include File Flaw in 'search.php' and 'whosOnline.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
miniBB Include File Error in 'news.php' Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
European Parliament calls for censorship code of conduct. Read more

www.terra.net.lb:
Web site opposing Israeli offensive stays online despite best efforts of hackers. Read more

www.itnews.com.au:
Trojan spoofs Firefox extension, steals IDs. Read more

news.com.com:
Attack code puts Windows PCs at risk. Read more

www.scmagazine.com:
Study: Email-borne malware successfully hit 80 percent of businesses. Read more

www.sophos.com:
Man faces 55 years in jail after charge of stealing 80,000 email addresses. Read more

www.theregister.co.uk:
People-chipping tech cloned by hackers. Read more

www.theregister.com:
Hacker conference PI charged with witness tampering. Read more

www.cio-today.com:
Decision Expected by Friday in Suit Over Google Clicks. Read more

www.theregister.co.uk:
Internet fraud slips through police fingers, says Attorney General. Read more

www.viruslist.com:
Cybercrime in Spain on the rise. Read more

www.smh.com.au:
Is there a zombie in the Vatican? Read more

www.cio-today.com:
World's Dumbest Internet Criminals, Part I. Read more

www.terra.net.lb:
Yahoo and Symantec allies in Internet security service. Read more

www.zdnetasia.com:
Security firms squabble over mobile threats. Read more

www.telecomasia.net:
Japanese agencies vulnerable to viruses, attacks: study. Read more

www.smh.com.au:
Ignoring the 'enemy within'. Read more

www.technewsworld.com:
US Losing Momentum in Fight Against Spam. Read more

www.theregister.co.uk:
Stateside spam slaying stalls. Read more

www.theregister.co.uk:
UK declares war on cyberbullies. Read more

www.terra.net.lb:
Japanese mobile knows more about your life than you do. Read more

buckenfush.blogspot.com:
Skype User Database Completely Hacked. Read more

. 25 July 2006

Guides, Papers, etc
www.viruslist.com:
Malware evolution: April - June 2006. Read more

www.wired.com:
Hackers Fight Authority in NYC. Read more

www.securityfocus.com:
A month of browser bugs. Read more

popuptest.com:
Test your popup blocker software. Read more

isotf.org:
Internet Security Operations and Intelligence - a DA Workshop. Read more

www.castlecops.com:
Rootkit Revelations (Forum). Read more

ddanchev.blogspot.com:
Latest Report on Click Fraud. Read more

www.darkreading.com:
JavaScript Malware Targets Intranets. Read more

www.darkreading.com:
Security Bugs Sent to the Sandbox. Read more

www.eweek.com:
Wasted Spam Bits and the Lazy/Stupid Factor. Read more

www.pcworld.com:
How to Make Sure Your Security Software Is Working. Read more

news.com.com:
Zero-day Wednesdays. Read more

www.infoworld.com:
Password size does matter. Read more

www.viruslist.com:
The insecure pleasures of wi-fi. Read more

www.pcworld.com:
Bigger Threats, Better Defense. Read more

 

Tools:
toolbar.trustwatch.com:
TrustWatch Toolbar. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Exploits for new microsoft vulnerabilities. (NEW). Read more

browserfun.blogspot.com:
MoBB #25: Native Function Iterator. Read more

securitytracker.com:
Blackboard Academic Suite Input Validation Hole in Essay Test Permits Cross-Site Scripting Attacks. Read more

 

News
www.theregister.co.uk:
Ransomware getting harder to break. Read more

news.zdnet.com:
Symantec continues Vista bug hunt. Read more

www.itwire.com.au:
Yahoo and Symantec team up to fight Microsoft. Read more

www.pcworld.com:
Net Watchdog: Hacked Sites Cause Headaches. Read more

virtuelvis.com:
Microsoft censoring MSN Messenger conversations. Read more

blog.washingtonpost.com:
Hacked Ad Seen on MySpace Served Spyware to a Million. Read more

www.workshare.com:
BLIND FAITH: INFORMATION LEAKS OUT OF CONTROL, ORGANIZATION LIABILITIES AND CONSUMER PRIVACY AT RISK. Read more

. 24 July 2006

Guides, Papers, etc
www.viruslist.com:
Malware Evolution: MacOS X Vulnerabilities 2005 - 2006. Read more

www.apcstart.com:
Inside Vista�s new image-based install. Read more

www.ddj.com:
The Future of Computing. Read more

blogs.securiteam.com:
To XSS or not? Read more

blogs.securiteam.com:
The sun will come out tomorrow. Read more

blogs.securiteam.com:
More Google Hacking - Security Auditing. Read more

www.mcs.vuw.ac.nz:
Google Hack - Binary Search. Read more

www.nz-honeynet.org:
Compromise of a Honeypot via SSH. Read more

www.eset.com:
Survey Reveals the Majority of U.S. Adult Computer Users Are Unprotected from Malware. Read more

www.f-secure.com:
Spy vs. Spy. Read more

isc.sans.org:
new Haxdoor (NEW). Read more

www.americanchronicle.com:
The Spamming Trap For Online Business Beginners. Read more

www.infoworld.com:
Microsoft bets big on Vista security. Read more

www.winsupersite.com:
Windows Genuine Advantage: An Overview and Screenshot Gallery. Read more

www.infoworld.com:
Is your Web site a malware spewing mess? Read more

www.computerworld.com.au:
Lost in space on planet malware. Read more

www.pcworld.ca:
The 10 biggest security risks you don't know about. Read more

www.zdnet.com.au:
Why popular antivirus apps 'do not work'. Read more

weblog.infoworld.com:
Audio: The Virtualization Report. Listen

sid.rstack.org:
Video: Attacking WiFi Networks With Traffic Injection. Watch

 

Tools:
www.greenborder.com:
Shop, Bank and Surf the Internet � in Total Safety & Privacy. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #24: Forms.ListBox.1 ListWidth. Read more

browserfun.blogspot.com:
MoBB #23: NMSA.ASFSourceMediaDescription dispValue. Read more

browserfun.blogspot.com:
MoBB #22: Internet.HHCtrl Click. Read more

browserfun.blogspot.com:
MoBB #21: CEnroll stringToBinary. Read more

news.netcraft.com:
PayPal XSS Exploit available for two years? Read more

securitytracker.com:
Sun Solaris Integer Overflow in sysinfo(2) Lets Local Users View Kernel Memory. Read more

securitytracker.com:
SiteDepth CMS Include File Flaw in 'constants.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpFaber TopSites Missing Input Validation in 'i_cat' and 'method' Parameters Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
iManage CMS Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Professional Home Page Tools Gastebuch Input Validation Hole in 'class.php' Permits SQL Injection Attacks. Read more

securitytracker.com:
hwdeGUEST Input Validation Hole in 'new_entry.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Top XL Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
GNU Project Debugger (GDB) Integer Overflow in Binary File Descriptor Library May Permit Code Execution. Read more

securitytracker.com:
Solaris Event Port API Bugs May Let Local or Remote Users Deny Service. Read more

securitytracker.com:
Solaris '/net' Mount Point Continuous Loop Lets Local Users Deny Service. Read more

securitytracker.com:
Solaris Kernel Debugger Lets Local Users Deny Service. Read more

securitytracker.com:
TunePimp library (libtunepimp) Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AFCommerce Input Validation Holes in New Review Field and Search Field Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
Cisco Security Monitoring, Analysis and Response System Bugs Let Remote Users Execute Arbitrary Shell Commands and Administrators Gain Root Privileges. Read more

 

News
news.zdnet.co.uk:
CA and F-Secure squabble over mobile threats. Read more

www.vnunet.com:
Hackers crack secret Google malware search codes. Read more

www.vnunet.com:
Hackers use AI to uncover vulnerabilities. Read more

www.theregister.co.uk:
74,000 .eu domains suspended. Read more

www.theregister.co.uk:
Warning over Sky TV scam. Read more

www.theregister.co.uk:
PI arrested at hacker convention. Read more

www.theregister.co.uk:
MySpace adware attack hits hard. Read more

www.net4now.com:
Online security requires a major scandal to put it right. Read more

www.usatoday.com:
Companies take costly steps to secure laptops. Read more

. 20 July 2006

Next Update Monday 24 July

Guides, Papers, etc
www.sysinternals.com:
On My Way to Microsoft! Read more

searchwindowssecurity.techtarget.com:
Invasion of the bots. Read more

www.computerworld.com:
Will Microsoft muzzle the software that cries wolf? Read more

arstechnica.com:
OpenDNS wants to change the way you access the Net. Read more

blogs.securiteam.com:
XSS Everywhere - Another Full Disclosure Run. Read more

blogs.securiteam.com:
Internet Security Operations and Intelligence - a DA Workshop. Read more

www.eweek.com:
Whois Hijacking My Domain Research? Read more

isc.sans.org:
TCP/1433 spike: Call for Packets. Read more

isc.sans.org:
New Challenge: Hack Bill! Read more

reports-archive.adm.cs.cmu.edu:
Learning to Detect Phishing Emails. Read more

www.baltimoresun.com:
Readers tell hints, tricks to summon passwords. Read more

www.ksl.com:
Staying Safe: You're Not as Safe Online as You May Think. Read more

www.thepittsburghchannel.com:
Exclusive: Couple Takes Internet Sex Policing Into Own Hands. Read more

www.sci-tech-today.com:
World's Dumbest Internet Criminals, Part I. Read more

www.safestepsfla.net:
SAFE STEPS Guide for Parents & Guardians. Read more

www.f-secure.com:
Coming Soon: Another Reverse Engineering Challenge. Read more

edition.cnn.com:
Google's unknown artist has huge following. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #20: OVCtl NewDefaultItem. Read more

hustlelabs.com:
RARLab�s WinRAR Local Stack Overflow. Read more

www.secureworks.com:
SecureWorks Finds SQL Injection Hacker Attacks on the Rise against Banks, Credit Unions and Utilities. Read more

securitytracker.com:
VMware May Fail to Set Safe SSL Key File Permissions. Read more

securitytracker.com:
Solaris Kernel Patches May Let Local Users Deny Service. Read more

securitytracker.com:
pcAnywhere '.cif' File Replacement Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Sybase/Financial Fusion Consumer Banking Suite Vulnerability Has Unspecified Impact. Read more

securitytracker.com:
Wireshard (Ethereal) Format String Flaws, Off-by-one Errors, and Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HiveMail Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
ListMessenger 'lm_path' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact. Read more

 

News
www.securityfocus.com:
Microsoft scoops up Winternals. Read more

www.zdnet.com.au:
Eighty percent of new malware defeats antivirus. Read more

www.securityfocus.com:
Oracle patches 65 holes. Read more

money.cnn.com:
Amnesty shames Microsoft, Google, Yahoo. Read more

blog.washingtonpost.com:
Hacked Ad Seen on MySpace Served Spyware to a Million. Read more

www.techtree.com:
Zidane Carries Trojan Horse. Read more

news.com.com:
Microsoft vows to play fair. Read more

www.theregister.co.uk:
Symantec: Vista probably 'less stable' than XP. Read more

itmanagement.earthweb.com:
Phishing Filter Prevents E-Mail Identity Theft. Read more

www.channelregister.co.uk:
Online fraudsters love webmail - true. Read more

. 19 July 2006

Guides, Papers, etc
blogs.securiteam.com:
Political Hacking Hits MySpace with Another Worm. Read more

www.rfidvirus.org:
Is Your Cat Infected with a Computer Virus? Read more

isc.sans.org:
TCP/1433 spike: Call for Packets. (NEW). Read more

www.f-secure.com:
Exploit Wednesday. Read more

www.avertlabs.com:
MySpace Virus#2. Read more

thomer.com:
NSTX (IP-over-DNS) HOWTO. Read more

www.kltv.com:
On Your Side: Inside The Mind Of The Hacker. Read more

www.darkreading.com:
When TMI's a Good Thing. Read more

www.darkreading.com:
SIM: A Single Pane of Glass. Read more

www.kbcafe.com:
Scripting Virus. Read more

www.zdnetasia.com:
Hyperlink insecurity. Read more

www.internetnews.com:
Bots, Google Hacks: The Internet 'Storms' . Read more

marktaw.com:
The Google Proxy. Read more

www.sys-con.com:
Is Defrag Cure for "Computer Cancer"? Read more

www.securitypark.co.uk:
Protecting organisations against malicious code planted by employees. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #19: DataSourceControl getDataMemberName. Read more

browserfun.blogspot.com:
MoBB #18: WebViewFolderIcon setSlice. Read more

securitytracker.com:
GIMP Buffer Overflow in xcf_load_vector() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Citrix MetaFrame Installer May Add a Registry Key With Insecure Access Controls. Read more

securitytracker.com:
FreeType Integer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FreeType Null Pointer Dereference in 'ftutil.c' Lets Remote Users Deny Service. Read more

securitytracker.com:
GnuPG Integer Overflow in Processing User ID Values May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
libwmf Integer Overflow in 'player.c' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP Tru64 ypserv Lets Remote Users Deny Service. Read more

securitytracker.com:
IBM Lotus Notes E-Mail Template May Cause Mail to Be Sent to the Wrong Recipient. Read more

securitytracker.com:
boastMachine Input Validation Flaw Permits Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
VisNetic MailServer Include File Bug in 'language' and Other Parameters Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IceWarp Web Mail Include File Bug in 'language' and Other Parameters Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BitZipper Buffer Overflow in Processing ACE Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
D-Link Router UPnP Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Winlpd Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
news.bbc.co.uk:
Viruses leap to smart radio tags. Read more

www.theinquirer.net:
Suspected hackers to be banned from web. Read more

news.zdnet.com:
Symantec sees an Achilles' heel in Vista. Read more

www.microsoft.com:
Microsoft and XenSource to Develop Interoperability for Windows Server �Longhorn� Virtualization. Read more

www.terra.net.lb:
Microsoft sues 26 suspected US dealers of pirated software. Read more

blogs.zdnet.com:
MS says WGA has caught 60 million Windows cheaters. Read more

news.zdnet.com:
Rootkits get better at hiding. Read more

www.securitypronews.com:
Microsoft Wins Over Winternals. Read more

www.computerworld.com:
Bot masters fool with Paris Hilton. Read more

www.nytimes.com:
Dare Violate a Copyright in Hong Kong? A Boy Scout May Be Watching Online. Read more

www.redorbit.com:
Defeating the World's Most Powerful Hacker: WGI Advances Anti-Censorship Internet Technology With FirePhoenix. Read more

www.zdnet.com.au:
Google exec challenges Berners-Lee. Read more

www.theregister.co.uk:
Open source blamed for malware development. Read more

www.darkreading.com:
Getting Buggy with the MOBB. Read more

www.theregister.co.uk:
Google-based malware search tool surfaces. Read more

www.cio.com:
Researcher Posts Google-Based Malware Search Tool. Read more

www.vnunet.com:
Firms drowning in security alert overload. Read more

software.silicon.com:
Zidane head butt leads surfers to malware. Read more

www.internetnews.com:
Users Pass on Updating Antivirus Software. Read more

news.com.com:
Putting a price on a virtual computer. Read more

software.silicon.com:
UK government looks at revising flawed anti-spam law. Read more

news.zdnet.com:
Hate talking to your PC? Nuance gets users heard. Read more

. 18 July 2006

Guides, Papers, etc
www.benedelman.org:
How Vonage Funds Spyware. Read more

arstechnica.com:
Stealth rootkit makes its debut in the real world. Read more

www.beyondsecurity.com:
Case Study: A Cyber-terrorism Attack, Analysis and Response. Read more

www.theregister.co.uk:
How 'Saving The Net' may kill it. Read more

www.f-secure.com:
Exploit Wednesday. Read more

events.ccc.de:
23rd Chaos Communication Congress 2006: Call for Participation. Read more

www.ducea.com:
How to restore a hacked Linux server. Read more

www.eweek.com:
Microsoft Has Come a Long Way with IIS. Read more

www.eweek.com:
IT Ignorance Is Not Bliss. Read more

blogs.securiteam.com:
Hezbollah Aftermath - Google Earth and Sky News: Psychological warfare Online [update #3]. Read more

homemade-tutorials.blogspot.com:
0 seconds delay when deleting files in Explorer/Total Commander. Read more

news.com.com:
Keeping kids safe on social sites. Read more

Using Google to Find Malware - Automatically. Read more

www.pronetadvertising.com:
Google's growing list of domains. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
:
MoBB #17: Gradient StartColorStr. Read more

browserfun.blogspot.com:
WebViewFolderIcon setSlice. Read more

securitytracker.com:
OpenVMS Unspecified Flaw Lets Local or Remote Users Deny Service. Read more

securitytracker.com:
Invision Power Board Lack of Validation of HTTP Client IP Value Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
miniBB Include File Bug in 'absolute_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Security and Acceleration Server HTTP File Exentsion Filter Can Be Bypassed By Remote Users. Read more

securitytracker.com:
photo-gallery.php Missing Input Validation Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Microsoft Works Buffer Overflow in Processing Spreadsheet Files May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
UFO2000 Flaws Let Remote Users Inject SQL Commands on the Server and Execute Arbitrary Code on the Target User's System. Read more

 

News
news.zdnet.co.uk:
Virus writers use 'open source' methods. Read more

www.pcworld.com:
Malware Now a Group Effort. Read more

www.eweek.com:
Metasploit Creator Releases Malware Search Engine. Read more

www.suntimes.com:
Hackers break into Northwestern computers. Read more

www.microsoft.com:
Microsoft Lawsuits Help Protect Consumers From Software Piracy. Read more

www.securityfocus.com:
Controversial security report finds lower losses. Read more

www.theregister.co.uk:
Trojan downloader uses Zidane lure. Read more

www.theregister.co.uk:
'Skype clone' surfaces in China. Read more

. 17 July 2006

Guides, Papers, etc
isc.sans.org:
Behavioral Analysis of Rootkit Malware (NEW). Read more

www.betanews.com:
Meet Microsoft's Ultimate Beta Tester. Read more

reviews.cnet.com:
When two factor fails. Read more

blogs.securiteam.com:
HotCaptcha: Wrong! Die, bot, die. Read more

blogs.securiteam.com:
Team Evil Incident (Cyber-terrorism defacement analysis and response). Read more

computerworld.co.nz:
The average office PC: old, insecure and malware infested, says study. Read more

trends.newsforge.com:
Linus Torvalds doesn't matter!?! Read more

www.symantec.com:
Mac OS X: Viruses and Security. Read more

www.timesonline.co.uk:
340,282,366,920,938,000,000,000,000,000,000,000,000 new web addresses created by internet chiefs . . . so we won�t run out of space soon, then. Read more

www.vulnerabilityassessment.co.uk:
THE Visual Guide To Penetration Testing. Read more

news10now.com:
Understanding MySpace as a tool for predators. Read more

 

Tools:
helios.miel-labs.com:
Helios has been designed to detect, remove and innoculate against modern rootkits. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #17: DXImageTransform.Microsoft.Gradient StartColorStr. Read more

browserfun.blogspot.com:
MoBB #16: MHTMLFile Location. Read more

securitytracker.com:
ePolicy Orchestrator Input Validation Error in 'PropsResponse' Command Lets Remote Users Write Arbitrary Files. Read more

securitytracker.com:
phpBB Input Validation Error in 'memberlist.php' Lets Certain Remote Users Inject SQL Commands. Read more

securitytracker.com:
FlatNuke Gallery Module Lets Remote Users Upload and Execute Arbitrary Code. Read more

securitytracker.com:
perForms Include File Error in 'mosConfig_absolute_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.informationweek.com:
Can You Ever Trust A Hacker? UBS Trial Puts It To A Test. Read more

www.fr33d0m.net:
Israeli Hackers Join The War Vs. Palestinian Sites. Read more

news.zdnet.com:
McAfee fixes flaw--without realizing it. Read more

www.technewsworld.com:
UK Banks Consider Making Customers Liable for Online Fraud. Read more

. 15 July 2006

Guides, Papers, etc
blogs.securiteam.com:
Using time travel to detect vulnerabilities on web servers. Read more

blogs.securiteam.com:
Microsoft PowerPoint 0-day Vulnerability FAQ [UPDATED]. Read more

www.voipwiki.com:
Skype Protocol Has Been Cracked. Read more

www.networkworld.com:
The Life and Death of Microsoft Software. Read more

www.darkreading.com:
Social Engineering, the USB Way. Read more

www.darkreading.com:
Portable Danger. Reda more

www.foxnews.com:
Privacy: A Thing Of the Past? Read more

www.line56.com:
Hackers and Employment. Read more

www.avertlabs.com:
Malware Prevalence. Read more

aolradio.podcast.aol.com:
Audio: Security Now! 48: Your Questions, Steve's Answers #9. Listen

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #15: FolderItem Access. Read more

isc.sans.org:
0-day exploit for Microsoft PowerPoint (NEW). Read more

securitytracker.com:
Microsoft PowerPoint Unspecified Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Solaris X libICE Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun Solaris ypserv Lets Remote Users Deny Service. Read more

securitytracker.com:
SHOUTcast Validation Logic Error Lets Remote Users View Files on the Target System. Read more

securitytracker.com:
Photocycle Missing Input Validation in 'phpage' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ScozNews Include File Flaw in 'CONFIG[main_path]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ORBITMATRIX Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Flipper Poll Include File Bug in 'root_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Microsoft to Google: get your tanks off our lawn. Read more

www.theregister.co.uk:
Networking sites could help hackers. Read more

arstechnica.com:
IBM accused of hacking, asks judge to toss case. Read more

www.securitypronews.com:
CSI, FBI Report On Virus Attacks And Financial Losses. Read more

www.websense.com:
Malicious Website / Malicious Code: World Cup Final Trojan Horse. Read more

www.redmondmag.com:
Living in a Virtual World. Read more

www.technewsworld.com:
'Image Spam' and VoIP Scam Attacks on Rise. Read more

www.terra.net.lb:
Google dodges child-care site suit. Read more

www.betanews.com:
Microsoft Withdraws Private Folder App. Read more

www.marketingpilgrim.com:
Dr. Google Sends Pain Relief. Read more

www.ecommercetimes.com:
Threats From Hackers 'Converging,' Researchers Say. Read more

. 14 July 2006

Guides, Papers, etc
masc2279.no-ip.org:
WEP Cracking, the FBI Way. Read more

www.eweek.com:
My-Registrar-Screwed-Me.Info. Read more

isc.sans.org:
Perl bot exploiting vulnerabilities in Joomla and Mambo components (NEW). Read more

research.microsoft.com:
Strider Search Defender: Automatic and Systematic Discovery of Search Spammers through Non-Content Analysis. Read more

webtown.typepad.com:
Skypodon II has been launched... Here come the probers. Part of the Skype-database exposed. Read more

www.symantec.com:
Mac OS X: Viruses and Security. Read more

www.avertlabs.com:
Malware Prevalence. Read more

www.schneier.com:
Click Fraud and the Problem of Authenticating People. Read more

www.blogmaverick.com:
A quick note on Click Fraud. Read more

news.com.com:
Google's antisocial downside. Read more

www.informationweek.com:
Microsoft's WGA Woes Highlight User Rights. Read more

technology.guardian.co.uk:
Using Internet Explorer at work can be a nasty shock if you use Firefox at home. Read more

 

Tools:
arstechnica.com:
50 TB organic discs on the horizon, maybe. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #14: Konqueror replaceChild(). Read more

securitytracker.com:
Lazarus Guestbook Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Koobi Pro Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Injection Attacks. Read more

securitytracker.com:
Mutt Buffer Overflow in browse_get_namespace() Lets Remote Servers Execute Arbitrary Code. Read more

securitytracker.com:
Vixie Cron 'do_command.c' May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe Acrobat Buffer Oveflow in Distilling to PDF Lets Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Router Web Setup Tool Uses an Unsafe IOS Router Configuration By Default. Read more

securitytracker.com:
Cisco Unified CallManager Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Cisco Intrusion Prevention System Can Be Crashed By Remote Users. Read more

 

News
www.securityfocus.com:
Core Debian server compromised. Read more

www.securityfocus.com:
Researchers hunt comment spammers. Read more

www.techweb.com:
New Zero-day PowerPoint Attack Under Way. Read more

webtown.typepad.com:
Skype Protocol Has Been Cracked. The Skype protocol will be reverse engineered by August 2006 and application code will be offered for license. Read more

www.informationweek.com:
State Department Releases Details Of Computer System Attacks. Read more

www.wired.com:
Google's Click-Fraud Crackdown. Read more

www.technewsworld.com:
Firefox Anti-Phishing Features Score Points. Read more

www.darkreading.com:
DNS Gets Anti-Phishing Hook. Read more

www.skypejournal.com:
Skype protocols opening up, ready or not. Read more

www.infoworld.com:
Super firewall aims to stop DDOS. Read more

www.theregister.co.uk:
Phishers rip into two-factor authentication. Read more

blogs.ittoolbox.com:
Hack Wireless: Go To Jail For Nine Years. Read more

www.theregister.co.uk:
VMware rubber stamps 'free' Server product. Read more

www.theregister.co.uk:
SurfControl snaps up BlackSpider. Read more

www.betanews.com:
Microsoft, Yahoo Bridge IM Networks. Read more

www.iht.com:
Parents cringe over online amateur videos. Read more

. 13 July 2006

Guides, Papers, etc
blogs.securiteam.com:
Microsoft patched only the most critical Excel flaw. Read more

techrepublic.com.com:
Confessions of an IT pro: My nine biggest professional blunders. Read more

news.independent.co.uk:
Gary McKinnon: Inside the head of a super hacker. Read more

www.networkingpipeline.com:
Why Cisco Is The FBI's Best Friend. Read more

www.securityfocus.com:
Application-level virtualization for Windows. Read more

www.ranum.com:
On Hard Disk Encryption. Read more Botnet traffic using TOR (NEW). Read more

www.pcmag.com:
The Golden Age of the Internet. Read more

today.reuters.co.uk:
Amsterdam clinic offers gamers path back to reality. Read more

wcbstv.com:
Family First: Cracking Kids' Secret Online Codes. Read more

 

Tools:
blogs.msdn.com:
Good News Everyone: VPC and licensing goodness ensue! Read more

www.betanews.com:
VMware Releases Free Server Software. Read more

developer.mozilla.org:
Firefox 2 Beta 1 milestone released. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #13: RevealTrans Transition. Read more

securitytracker.com:
Adobe Acrobat and Adobe Reader Unsafe Permissions on Mac OS X Let Local Users Gain Elevated Privileges. Read more

www.securiteam.com:
Microsoft Excel Malformed FNGROUPCOUNT Value Remote Code Execution (MS06-037). Read more

www.securiteam.com:
Microsoft SRV.SYS Mailslot Ring0 Memory Corruption (MS06-035). Read more

www.securiteam.com:
Vulnerability in Microsoft Internet Information Services Using Active Server Pages Could Allow Remote Code Execution (MS06-034). Read more

 

News
www.securityfocus.com:
University CIO steps down following breaches. Read more

www.securityfocus.com:
Report: Systems attacked at State Dept. Read more

www.onestopclick.com:
Rise in zero-hour virus threats. Read more

www.computerworld.com:
Microsoft offers commission to security partners. Read more

www.computerworld.com:
IBM sued over hacked e-mail server. Read more

www.darkreading.com:
CSI/FBI: Violations, Losses Down. Read more

www.theregister.co.uk:
Gmail phishing email offers $500 prize. Read more

techdirt.com:
Adware Vendor Tries To Dance Around Sneaky MySpace Installs. Read more

www.vnunet.com:
New worm targets virus researchers. Read more

www.vnunet.com:
Phishers crack two-factor authentication. Read more

www.terra.net.lb:
Microsoft, Yahoo link their online instant messaging systems. Read more

www.theregister.co.uk:
US restricts online gambling. Read more

. 12 July 2006

Guides, Papers, etc
www.computerworld.com:
Q&A: McAfee CEO unfazed by Microsoft security moves. Read more

www.msnbc.msn.com:
How Washington will shape the Internet. Read more

www.usatoday.com:
Who will pay for the Internet superhighway? Read more

www.pcworld.com:
Does Microsoft's Windows Genuine Advantage Program Qualify as Spyware? Read more

coolthingoftheday.blogspot.com:
Microsoft Private Folder 1.0. Read more

www.eff.org:
Frequently Awkward Questions for the Entertainment Industry. Read more

 

Tools:
fileforum.betanews.com:
Autoruns 8.53. Autoruns shows you what programs are configured to run during system bootup or login. Read more

blog.washingtonpost.com:
Windows 98/ME-Friendly Security Tools. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #12: TriEditDocument URL. Read more

securitytracker.com:
Microsoft Excel Errors in Processing Various Malformed Records Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Office PNG and GIF File Buffer Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Office String Parsing and Property Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft DHCP Client Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Server Service Buffer Overflows Let Remote Users View SMB Information and Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
ASP.Net May Disclose Objects in the Application Folder to Remote Users. Read more

securitytracker.com:
FarsiNews Include File Bug Lets Users Execute Arbitrary Code. Read more

securitytracker.com:
Webvizyon Portal Input Validation Flaw in 'ID' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Juniper DX Application Acceleration Platform Input Validation Hole in Web Interface Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Papoo Input Validation Holes in 'forumthread.php' and 'hilfe.php' Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
JUNOS Memory Leak in Processing IPv6 Packets Lets Remote Users Crash the Router. Read more

securitytracker.com:
Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service. Read more

securitytracker.com:
TWiki PHP File Suffix Validation Bug Lets Remote Users Upload and Execute Arbitrary Code. Read more

securitytracker.com:
Trac Lets Remote Users Obtain Information and Deny Service. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Summary for July, 2006. Read more

www.securityfocus.com:
Microsoft patches Office, networking. Read more

www.theregister.co.uk:
Gates 'glad' to delay Vista some more. Read more

www.prnewswire.com:
Security Researchers to Demonstrate 25 New Tools and 15 New Exploits at Black Hat USA 2006 Briefings on August 2-3 in Las Vegas. Read more

www.washingtonpost.com:
State Dept. Probes Computer Attacks. Read more

www.wired.com:
Hacker Spawns a French Watergate. Read more

www.usatoday.com:
Cybercrooks turn to hacking many applications. Read more

www.betanews.com:
Microsoft's Private Folder App Criticized. Read more

www.eweek.com:
WebAttacker Unseats WMF as Most Popular Exploit. Read more

www.vnunet.com:
Mobile security in poor health. Read more

www.redherring.com:
Online Poker Rakes in $3.3B. Read more

. Guides, Papers, etc
www.washingtonpost.com:
Death by Wikipedia: The Kenneth Lay Chronicles.
Read more

www.longhornblogs.com:
Windows Vista Bug Reports: An Analysis. Read more

www.baselinemag.com:
How Google Works. Read more

www.internetnews.com:
Taking Aim At USBs in The Security Mix. Read more

www.eweek.com:
What If Your Building Burns Down? Read more

blogs.zdnet.com:
The pain of switching to a new OS. Read more

blog.siteadvisor.com:
All-Star Game of Spyware. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #11: HtmlDlgSafeHelper fonts. Read more

www.securinfos.info:
OLD SOFTWARES VULNERABLE : TEST YOUR EXPLOITS. Read more

securitytracker.com:
Hosting Controller Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
sipXtapi Buffer Overflow in CSeq Field Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MIMEsweeper for Web Input Validation Hole in 'Access Denied' Page Permits Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com:
More U.S. Navy data found on the web. Read more

blog.washingtonpost.com:
Citibank Phish Spoofs 2-Factor Authentication. Read more

www.news.cornell.edu:
Cornell sleuths crack secret codes of Europe's Galileo satellite. Read more

www.securescience.net:
Top 10 Financial Institution's in regards to number of debit/credit cards stolen over the last four months. Read more

www.vitalsecurity.org:
Teenagers used to push Zango on Myspace? Read more

www.zdnet.com.au:
University removes outer firewall to improve security. Read more

www.wired.com:
Crazy-Long Hacker Sentence Upheld. Read more

www.betanews.com:
Crazy-Long Hacker Sentence Upheld. Read more

www.computerworld.com:
Visa, MasterCard Unveil New Security Rules. Read more

www.pcworld.com:
Google's Binary Search Helps Identify Malware. Read more

www.theregister.co.uk:
Online gambling addict destroyed building firm. Read more

www.technewsworld.com:
No Clear Solution to Microsoft's Anti-Piracy Muddle. Read more

edition.cnn.com:
Video-sharing sites raise concerns over crude clips. Read more

www.betanews.com:
More Information Leaks About GDrive. Read more

. 10 July 2006

Guides, Papers, etc
www.msnbc.msn.com:
Spyware developers net huge profits, outrage. Read more

www.businessweek.com:
The Plot To Hijack Your Computer. Read more

www.networkingpipeline.com:
Early Days On The Antivirus Front: A Personal Perspective. Read more

ddanchev.blogspot.com:
Security Research Reference Coverage. Read more

www.darkreading.com:
Lethal Shell Game. Read more

www.darkreading.com:
Secure Coding Catches Fire. Read more

www.uktsupport.co.uk:
How to Bypass BIOS Passwords. Read more

www.int.iol.co.za:
'Spies' grab your details while you surf. Read more

blogs.pcworld.com:
Microsoft's Doomed WGA Tactics. Read more

 

Tools:
www.securitypark.co.uk:
PGP NetShare Automatically Encrypts Files Saved to Network Folders. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
MoBB #10: Object.Microsoft.DXTFilter Enabled. Read more

securitytracker.com:
Microsoft Office LsCreateLine() Function May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Linux Kernel Core Dump Handling May Let Local Users Deny Service or Gain Elevated Privileges. Read more

securitytracker.com:
McAfee VirusScan Buffer Overflow Protection Lets Local Users Deny Service. Read more

 

News
www.domain-b.com:
Security report: 2006, so far, is the year for Trojans. Read more

www.newsnow.co.uk:
Sophos: virus targets antivirus researchers. Read more

www.betanews.com:
Excel Flaw in Asian Office Versions. Read more

news.com.com:
FBI plans new Net-tapping push. Read more

www.personaltechpipeline.com:
Microsoft Adds Privacy Folder To Windows. Read more

www.terra.net.lb:
Hong Kong proposes action against email spam. Read more

itmanagement.earthweb.com:
Case Study: Sandbagging Spyware. Read more

www.ohio.com:
Officers troll Internet to reel in sex predators. Read more

www.abc24.com:
BBB Warning: Work At Home Scams. Read more

www.itnews.com.au:
Sophos warns of PayPal phone phishing scam. Read more

. 08 July 2006

Guides, Papers, etc
blogs.securiteam.com:
Step-by-Step: How to Get BILLIONS of Pages Indexed by Google. Read more

blogs.securiteam.com:
Google News and Yahoo! News Blog Spam. Read more

www.itwire.com.au:
Vista not for home users: security expert. Read more

www.emailbattles.com:
Daily Exploit Release Reignites An Old Fire: What's A Real Good Guy Look Like? Read more

www.businessweek.com:
The Plot To Hijack Your Computer. Read more

www.securityfocus.com:
Basic journey of a packet. Read more

www.securityfocus.com:
Researchers look to predict software flaws. Read more

aolradio.podcast.aol.com:
Audio: Security Now 47: Internet Weaponry. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Macromedia Flash Player Lets Remote Users Deny Service. Read more

securitytracker.com:
Macromedia Flash Memory Access Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BosClassifieds Classified Ad System Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WebEx Downloader Lets Remote Users Download and Execute Arbitrary Files. Read more

securitytracker.com:
eBay Picture Manager Buffer Overflow in EPUImageControl Object Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Hosting Controller Access Control Bugs Let Remote Authenticated Users Gain Reseller and Administrative Privileges. Read more

securitytracker.com:
Sparklet Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Microsoft plans for seven patches. Read more

www.microsoft.com:
Microsoft Security Bulletin Advance Notification. Read more

www.theregister.co.uk:
Phone phishers target PayPal. Read more

news.com.com:
FBI plans new Net-tapping push. Read more

security.ithub.com:
BitDefender Ships Anti-Rootkit Beta. Read more

. 07 July 2006

Guides, Papers, etc
www.informationweek.com:
Malware Responses: What To Do Before, During, And After An Attack. Read more

blogs.msdn.com:
Displaying tfeL-ot-thgiR Scripts - Can your computer handle it? Read more

www.infoworld.com:
Virtualization Breaks Out. New technology offerings from hardware, software, and OS platform vendors are lowering the barrier of entry to server virtualization, creating IT opportunities like never before. Read more

www.networkingpipeline.com:
Early Days On The Antivirus Front: A Personal Perspective. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Horde Application Framework Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Safari NULL Pointer Dereference in setAttributeNode() Lets Remote Users Deny Service. Read more

securitytracker.com:
phpSysInfo Discloses Whether Files Exist to Remote Users. Read more

securitytracker.com:
PHPMailList Discloses Information and Passwords to Remote Users and Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
randshop Include File Flaw in 'incl' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Galleria Module Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
randshop Include File Bug in 'dateiPfad' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Malware crosses 200,000 milestone. Read more

www.theregister.co.uk:
Malware targets security research tool. Read more

www.usatoday.com:
Gangs use Internet to showcase exploits. Read more

www.latimes.com:
Alleged Hacker to Be Extradited to the U.S. Read more

www.sophos.com:
IT world split on whether "Pentagon hacker" should be extradited. Read more

redherring.com:
Google�s Microsoft Syndrome. Read more

auctionbytes.com:
eBay Bans Sellers from Using Google Checkout. Read more

www.zdnet.com.au:
Windows shortcut 'trick' is a feature: Microsoft. Read more

www.darkreading.com:
Researchers Break Down NAC Defenses. Read more

. 06 July 2006

Guides, Papers, etc
www.securityfocus.com:
Windows genuine disadvantage. Read more

www.windowsitpro.com:
WGA Garners More Attention, All of it Bad. Read more

isc.sans.org:
Yahoo! user account phishing (NEW). Read more

www.siliconrepublic.com:
A day in the life of a security professional. Read more

justanothermobilemonday.com:
Mobilized - With An Information Security Investigator. Read more

www.techweb.com:
The 10 Most Destructive PC Viruses Of All Time. Read more

www.pcstats.com:
Beginners Guides: 99 Performance Tips for Windows XP. Read more

www.it-observer.com:
Defense-in-Depth against SQL Injection. Read more

www.varbusiness.com:
Cracking The Data Encryption Code. Read more

www.techbuilder.org:
Stare Down the Blue Screen of Death. Read more

blog.seattlepi.nwsource.com:
A Firefox PC operating system? Read more

www.ducea.com:
How to safely connect from anywhere to your closed Linux firewall. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PhpWebGallery Input Validation Flaw in 'comments.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Internet Explorer Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code. Read more

 

News
www.washingtonpost.com:
Consultant Breached FBI's Computers. Read more

www.techworld.com:
Hacker promises month of browser holes. Read more

www.windowsitpro.com:
EU Members Back Massive Microsoft Fines. Read more

www.infoworld.com:
McAfee: 400,000 virus definitions by 2008. Read more

www.vnunet.com:
Symantec mistakes open source tool for Trojan. Read more

www.osnn.net:
New Trojan Can Change IP Addresses. Read more

news.bbc.co.uk:
Threats prompt Mac switch advice. Read more

. 05 July 2006

Guides, Papers, etc
www.schneier.com:
Load ActiveX Controls on Vista Without Administrator Privileges. Read more

blogs.securiteam.com:
Net Neutrality is as silly as so-called Internet Governance. Read more

www.nytimes.com:
Identity Thief Finds Easy Money Hard to Resist. Read more

www.infigo.hr:
Using fuzzing to detect security vulnerabilities. Read more

www.infoworld.com:
The depressing state of computer security. Read more

h71028.www7.hp.com:
Vulnerability scanning. Read more

isc.sans.org:
Symantec detecting NSIS as trojan.zlob. (NEW). Read more

www.arcon5.com:
Planning the future of privacy at Microsoft. Read more

os.newsforge.com:
Rumored death of FreeDOS greatly exaggerated. Read more

news.com.com:
Video: Police who are online all the time. Watch

searchenginewatch.com:
Where Are They Now? Search Engines We've Known & Loved. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
free QBoard 'qb_path' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
the banner exchange (tbe) Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
F5 FirePass Input Validation Holes in Multiple Fields Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
AutoRank PHP Input Validation Flaws in 'search.php' and 'main.cgi' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
QTOFileManager Input Validation Flaws in 'qtofm.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Plume CMS Include File Flaws in '_PX_config[manager_path]' in Multiple Scripts Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Glossaire 'pa' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TK8 Safe Lets Local Users Access Directories, Overwrite Directories, and Cause Denial of Service Conditions. Read more

 

News
www.theregister.co.uk:
Police probe Paris Hilton link in LexisNexis breach. Read more

www.computerweekly.com:
HP unleashes a worm to find and fix server holes. Read more

www.vnunet.com:
Avoid Symantec appliances, says Gartner. Read more

www.zdnet.com.au:
Hacking techniques help security: HP. Read more

www.itwire.com.au:
Windows 98 users on their own says Microsoft. Read more

www.dallasnews.com:
Donor data stolen at local Red Cross. Read more

. 04 July 2006

Guides, Papers, etc
www.theregister.co.uk:
WiMAX in the UK. Here's why it won't fly. Read more

blogs.securiteam.com:
Browser Fun Blog discloses new flaw daily. Read more

www.arcon5.com:
Planning the future of privacy at Microsoft. Read more

singe.rucus.net:
Limiting Vulnerability Exposure through effective Patch Management: threat mitigation through vulnerability remediation. Read more

blogs.ittoolbox.com:
Get Hired As A Penetration Tester. Read more

jameser.blogspot.com:
Tip #6: Recovering Deleted Files. Read more

www.informationweek.com:
In Depth: Five Things You Must Know About VoIP. Read more

www.boydcreative.net:
Examining Google�s Error Code. Read more

virtualization.info:
Security by virtualization. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
VirtuaStore Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

 

News
www.theregister.co.uk:
Windows Genuine Disadvantage malware sighted. Read more

www.itnews.com.au:
New worm poses as Microsoft anti-piracy alert to trick users. Read more

edition.cnn.com:
China cleaning up Internet cafes. Read more

www.theregister.co.uk:
Foiled computer blaggers jailed for 38 years. Read more

www.scmagazine.com:
New PoC virus can infect both Windows and Linux. Read more

news.zdnet.co.uk:
Academic breaks the Great Firewall of China. Read more

news.bbc.co.uk:
Anti-piracy tool confuses users. Read more

www.computing.co.uk:
Germany wins IT security cup. Read more

www.cio.com:
The Punishment for Lax Security: Two Decades of Audits. Read more

www.news.com.au:
Computers 'glued' to protect data. Read more

. 03 July 2006

Guides, Papers, etc
www.siliconvalley.com:
Piercing China's great firewall. Read more

www.peacefire.org:
How to install the Circumventor program, which gets around all Web-blocking software. Read more

ddanchev.blogspot.com:
China's Interest of Censoring Mobile Communications. Read more

isc.sans.org:
Reports of web forums running Invision Power Board being compromised. Read more

blogs.securiteam.com:
eon8.com and terrorism. Read more

blogs.securiteam.com:
IBM version�s Netscape Engineers are Weenies (i.e. Easter Egg). Read more

arstechnica.com:
Why Microsoft would want WGA to phone home. Read more

computerworld.co.nz:
Email encryption is becoming essential. Read more

www.mobileav.org:
The Ten Most Critical Wireless and Mobile Security Vulnerabilities (Updated) ~ The Experts� Consensus. Read more

news.zdnet.co.uk:
Secrets of stock spam scams revealed. Read more

www.theage.com.au:
Scamming the Nigerian scammer. Read more

blog.wired.com:
Your Own Personal Internet. Read more

seattlepi.nwsource.com:
Software Notebook: Mr. Firefox looks to the future. Read more

www.washingtonpost.com:
Self-Defense For EBay Buyers. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Ipswitch Collaboration Suite Bug in Premium Anti-Spam Feature May Not Properly Load Updates. Read more

securitytracker.com:
Ipswitch IMail Secure Server Bug in Premium Anti-Spam Feature May Not Properly Load Updates. Read more

securitytracker.com:
Stud.IP Include File Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SiteBuilder-FX Include File Error in 'top.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java System Messaging Server May Disclose Portions of Files to Local Users. Read more

securitytracker.com:
Plume CMS Include File Flaw in 'dbinstall.php' Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.washingtonpost.com:
Arrests Made in '05 LexisNexis Data Breach. Read more

www.newsfactor.com:
International Virus-Writing Gang Busted. Read more

www.vnunet.com:
OpenOffice patches three security holes. Read more

www.washingtonpost.com:
Microsoft to End Support Of Old Windows Versions. Read more

edition.cnn.com:
China steps up controls on blogs. Read more

www.vnunet.com:
Virus peril shifts from email to websites. Read more

www.computerworld.com:
Microsoft denies WGA kill switch in Windows XP. Read more

. 01 July 2006

Guides, Papers, etc
www.securityfocus.com:
MySpace, a place without MyParents. Read more

www.redorbit.com:
Access Denied ; Team of 'Ethical Hackers' Reveals Vulnerability of Businesses' Computers. Read more

blogs.securiteam.com:
P2P spam spamming. Read more

www.itweek.co.uk:
The fine art of shoulder surfing. Read more

www.winsupersite.com:
Internet Explorer 7.0 Beta 3 Review. Read more

blogs.msdn.com:
Keyboard Changes in Beta 3. Read more

www.avertlabs.com:
I Hate the Password Policy! Read more

aolradio.podcast.aol.com:
Audio: Security Now 46: Routing Logd: Listen

aolradio.podcast.aol.com:
Audio: Security Now 45: The HOST File: Listen

 

Vulnerabilities & Exploits
isc.sans.org:
OpenOffice.org Vulnerabilities. Read more

securitytracker.com:
OpenOffice.org Bugs Let Java Scripts Escape the Sandbox, Macro Code Be Executed, or Arbitrary Code Be Executed on the Target System. Read more

securitytracker.com:
iTunes Integer Overflow in Processing AAC Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Siemens SpeedStream Wireless Router UPnP Support Lets Remote Users Access Restricted Files. Read more

 

News
www.theregister.co.uk:
MS releases third beta for IE7. Read more

www.theregister.co.uk:
Microsoft confirms another slip for Office. Read more

www.theregister.co.uk:
Microsoft hides under duvet. Read more

arstechnica.com:
Microsoft in legal trouble over Windows Genuine Advantage. Read more

www.2-spyware.com:
The new worm appears as the WGA tool. Read more

www.theregister.co.uk:
German experts want search engines to be monitored. Read more

www.theregister.co.uk:
Shadowcrew mastermind caged. Read more

www.theregister.co.uk:
China targets blogs. Read more

news.zdnet.co.uk:
Police arrest suspected virus writers. Read more

www.esecurityplanet.com:
IE, Firefox Users at Risk From New Flaws. Read more


Copyright� MegaSecurity.org