Home    News Archive    Translate Traducen
News July 2008
29 July 2008

Guides, Papers, etc
www.mcafee.com
McAfee Research Reveals Many SMBs in Denial About Security. Read more

blog.wired.com
Kaminsky on How He Discovered DNS Flaw and More. Read more

www.wired.com
Lesson From the DNS Bug: Patching Isn't Enough. Read more

blog.metasploit.com
BailiWicked. Read more

blog.trendmicro.com
The �BailiWicked� Problem. Read more

blogs.technet.com
Pushing the Limits of Windows: Physical Memory. Read more

ddanchev.blogspot.com
Over 80 percent of Storm Worm Spam Sent by Pharmaceutical Spam Kings. Read more

ddanchev.blogspot.com
Click Fraud, Botnets and Parked Domains - All Inclusive. Read more

ddanchev.blogspot.com
Smells Like a Copycat SQL Injection In the Wild Read more

ddanchev.blogspot.com
Vulnerabilities in Antivirus Software - Conflict of Interest. Read more

ddanchev.blogspot.com
Email Hacking Going Commercial. Read more

ddanchev.blogspot.com
Lazy Summer Days at UkrTeleGroup Ltd. Read more

ddanchev.blogspot.com
Coding Spyware and Malware for Hire. Read more

www.avertlabs.com
The peaceful worm�. not :( Read more

www.avertlabs.com
What Is Undetectable Malware? Read more

www.avertlabs.com
Pay Attention to 3rd-Party Software. Read more

blog.trendmicro.com
Fake Trend Micro Virus Clean Tool Spreads Malware Dirt. Read more

bharath-m-narayan.blogspot.com
TheSpyBot Promo site. Read more

blogs.paretologic.com
Fresh Zlob Variant not well detected. Read more

evilcodecave.wordpress.com
Fake Italian uTorrent Website and Malicious Application. Read more

www.prevx.com
Keep playing it down, Its FUD, Right ? Read more

blogs.authentium.com
What is this response time thing anyway? Read more

news.bbc.co.uk
Chinese web filtering 'erratic'. Read more

www.forbes.com
The No-Tech Hacker. Read more

resources.zdnet.co.uk
The days of desktop antivirus apps are numbered. Read more

www.f-secure.com
Storm, the feds and Facebook. Read more

www.f-secure.com
One Million Detections. Read more

isc.sans.org
Never disable your firewall, no matter how good it sounds. Read more

isc.sans.org
Recursive DNS Cache Auditing Resource. Read more

www.eweek.com
What if You Fell Through a Manhole? Read more

www.darkreading.com
When Penetration Testers (Almost) Get Caught. Read more

www.cs.indiana.edu
Exploitable Redirects on the Web: Identification, Prevalence, and Defense (pdf). Read more

www.podtrac.com
Audio. Security Now 154: Listener Feedback 46. Listen

www.0x000000.com
Hackers. Read more

A parent's remark led to a novel.
Novel about two parents who reluctantly install spyware on their 16-year-old son's computer . Read more

 

Vulnerabilities & Exploits
www.caughq.org
Kaminsky DNS Cache Poisoning Flaw Exploit. Read more

www.caughq.org
Kaminsky DNS Cache Poisoning Flaw Exploit for Domains. Read more

 

Tools:
www.f-secure.com
F-Secure Rescue CD 3.00. Read more

adeona.cs.washington.edu
Adeona is the first Open Source system for tracking the location of your lost or stolen laptop. Read more

 

News
www.securityfocus.com
Report: Small biz weak in cybersecurity. Read more

www.securityfocus.com
E-Gold pleads guilty to money laundering. Read more

www.securityfocus.com
Metasploit releases double-whammy for DNS. Read more

news.softpedia.com
Hacked Data Used by Korean Loan Sharks. Read more

www.theregister.co.uk
Austrian official fuels Skype backdoor rumours. Read more

www.vnunet.com
US government security data compromised. Read more

www.theregister.co.uk
Security shocker: 75% of US bank websites have flaws. Read more

www.securityfocus.com
Attackers' behavior builds better blacklists. Read more

www.securityfocus.com
Prosecutors criticized in pop-up porn case. Read more

www.pcworld.com
Oracle Issues Warning Over Dangerous WebLogic Flaw. Read more

www.denverpost.com
Missing 'spam king' kills self, family. Read more

www.theregister.co.uk
Google gives GMail always-on encryption. Read more

www.sundayherald.com
For sale on the web: your identity ... for just 10p. Read more

timesofindia.indiatimes.com
Hackers control the internet traffic. Read more

www.dslreports.com
TorrentSpy Hacker Spied on The Pirate Bay for MPAA. Read more

english.chosun.com
Police: 9 Mil. Stolen Files Traded by Loan Ring. Read more

www.vnunet.com
Oyster cracker vows to clone cards. Read more

21 July 2008

Guides, Papers, etc
honeyblog.org
Survival of the Fittest. Read more

isc.sans.org
Survival Time on the Internet. Read more

www.schneier.com
Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications. (pdf) Read more

securitylabs.websense.com
Reversing malware with oSpy. Read more

honeyblog.org
Fast-Flux Data. Read more

dsc.discovery.com
The Truth About Chinese Hackers. Read more

www.secureworks.com
Coreflood Removal for the Network Administrator. Read more

ddanchev.blogspot.com
Impersonating StopBadware.org to Serve Fake Security Warnings. Read more

ddanchev.blogspot.com
SQL Injecting Malicious Doorways to Serve Malware. Read more

ddanchev.blogspot.com
Money Mule Recruiters use ASProx's Fast Fluxing Services. Read more

ddanchev.blogspot.com
The Ayyildiz Turkish Hacking Group VS Everyone. Read more

ddanchev.blogspot.com
The Unbreakable CAPTCHA. Read more

ddanchev.blogspot.com
Obfuscating Fast-fluxed SQL Injected Domains. Read more

ddanchev.blogspot.com
The Neosploit Malware Kit Updated with Snapshot ActiveX Exploit. Read more

www.darkreading.com
Cybercrime, Cosa Nostra-Style. Read more

www.marshal.com
The Irresistible Angelina Jolie. Read more

msmvps.com
CNET hit by malvertizements. Read more

securitylabs.websense.com
Banker Analysis. Read more

www.f-secure.com
Snapshot Viewer for Microsoft Access. Read more

sunbeltblog.blogspot.com
IRS Stimulus package phish. Read more

sunbeltblog.blogspot.com
Another fake MS spam. Read more

sunbeltblog.blogspot.com
Julie Amero Petition. Read more

www.securityfocus.com
Blocking Traffic by Country on Production Networks. Read more

www.securityfocus.com
Video - Global Malware. Read more

www.avertlabs.com
Do you know cloaking? Read more

www.avertlabs.com
Ever put your CV on a job site? Read more

isc.sans.org
A twist in fluxnet operations. Enter Hydraflux. Read more

isc.sans.org
Exit process? Read more

isc.sans.org
Adobe Reader 9. Read more

isc.sans.org
Extracting scripts and data from suspect PDF files. Read more

www.darkreading.com
Microsoft Office Security Team Enlists Bots, Pen Tests. Read more

addxorrol.blogspot.com
All this DNS ... Read more

addxorrol.blogspot.com
On Dan's request for "no speculation please". Read more

blog.trendmicro.com
New YouTube Spam Dresses Malware as Porn. Read more

blog.trendmicro.com
Spam Spans New Artistic Heights. Read more

blog.trendmicro.com
YAMSIA (Yet Another Massive SQL Injection Attack). Read more

blog.trendmicro.com
�Angelina Jolie Nude Movie� Spam. Read more

www.prevx.com
GetCodec.A says hello to multimedia files. Read more

www.prevx.com
CPU Bug Attacks: Are they really necessary? Read more

bharath-m-narayan.blogspot.com
Malware distributing sites. Read more

bharath-m-narayan.blogspot.com
WinSpywareProtect. Read more

garwarner.blogspot.com
Russian Cybercrooks, CoreFlood, and the Amazing Joe Stewart. Read more

blog.wired.com
The Ghost in Your Machine: IPv6 Gateway to Hackers. Read more

www.smh.com.au
Hooking the crooks. Read more

www.benedelman.org
Competition among Sponsored Search Services. Read more

news.cnet.com
Protecting against Wi-Fi, Bluetooth, RFID data attacks. Read more

www.computerworld.com.au
12 ways to visualize network security. Read more

anti-virus-rants.blogspot.com
if i have a whitelist, do i still need AV? Read more

www.computerworld.com
Six hours to hack the FBI (and other pen-testing adventures). Read more

news.cnet.com
Social Engineering 101: Mitnick and other hackers show how it's done Read more

news.cnet.com
Listen to the 2600 hacker conference. Read more

www-static.cc.gatech.edu
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. (pdf). Read more

atlas-public.ec2.arbor.net
Hitpop DDoS Malware Analysis (pdf). Read more

atlas-public.ec2.arbor.net
BlackEnergy DDoS Bot Analysis. Read more

evilcry.altervista.org
CartellaUnicaTasse.exe An Italian Malware Reverse Engineering Study. Read more

www.podtrac.com
Audio. Security Now 153: Bad Phorm. Listen

 

News
www.channelregister.co.uk
Unpatched Windows PCs own3d in less than four minutes. Read more

www.securityfocus.com
Mozilla shutters three Firefox flaws. Read more

www.securityfocus.com
Rogue admin blocks San Francisco network. Read more

fergdawg.blogspot.com
Certegy DBA Gets Jail Time For Data Thefts. Read more

www.securityfocus.com
Cybercrime gets busy getting organized. Read more

www.theregister.co.uk
Crooks charge premium for filter-evading Trojan. Read more

timesofindia.indiatimes.com
Hackers snoop on mobile phones. Read more

www.theregister.co.uk
Researchers show up deniable file system crypto leaks. Read more

www.usatoday.com
Russian Coreflood Gang targets online bank accounts. Read more

www.mediafax.ro
Romanian Authorities Arrest 24 Suspects In Internet Crime Frauds. Read more

www.computerworld.com.au
Hack a million systems - earn a job. Read more

www.thedarkvisitor.com
Chinese hacker Withered Rose returns. Read more

www.digitalhome.ca
Rogers violates net neutrality by hijacking failed DNS lookups. Read more

news.cnet.com
The Internet--a private eye's best friend. Read more

12 July 2008

Guides, Papers, etc
securosis.com
Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released. Read more

doxpara.com
Find out if the DNS server you use is vulnerable. Read more

www.securityfocus.com
An Astonishing Collaboration. Read more

www.f-secure.com
DNS and SQL Updates. Read more

www.courant.com
Let's End Teacher's Long Nightmare. Read more

sunbeltblog.blogspot.com
The Julie Amero situation, over one year later. Read more

www.wtic.com
Audio. On the radio: Rick Green on Julie Amero. Listen

sunbeltblog.blogspot.com
Osterman webcast on The Case for Server-based Messaging Security Solutions. Read more

blog.washingtonpost.com
Ghosts of Java Haunt Users. Read more

msmvps.com
The Sun Java installer still sucks.... Read more

isc.sans.org
And you thought the DNS issue was an old one... Read more

isc.sans.org
July 2008 black tuesday overview. Read more

ddanchev.blogspot.com
Violating OPSEC for Increasing the Probability of Malware Infection. Read more

ddanchev.blogspot.com
The Template-ization of Malware Serving Sites. Read more

ddanchev.blogspot.com
Mobile Malware Scam iSexPlayer Wants Your Money. Read more

ddanchev.blogspot.com
Storm Worm's U.S Invasion of Iran Campaign. Read more

ddanchev.blogspot.com
Fake Porn Sites Serving Malware - Part Two. Read more

ddanchev.blogspot.com
The Risks of Outdated Situational Awareness. Read more

ddanchev.blogspot.com
The ICANN Responds to the DNS Hijacking, Its Blog Under Attack. Read more

ddanchev.blogspot.com
The Antivirus Industry in 2008. Read more

msmvps.com
ALERT: Malvertizement featuring Skype. Read more

msmvps.com
ALERT: malvertizement featuring classmates.com. Read more

msmvps.com
ALERT: new malvertizement protocols, courtesy of Kimberley. Read more

msmvps.com
An interesting browser hijacking that I have not seen before... watch out for the "free" Geobytes Geoflag. Read more

www.darkreading.com
Disclosure Shouldn't Be a Leap of Faith. Read more

www.avertlabs.com
Are Internet cafes and bars in danger? Read more

www.avertlabs.com
Nuwar Back to War Games. Read more

www.darkreading.com
Trojan Attacks Multimedia Files Stored on Hard Drives. Read more

blogs.zdnet.com
Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails. Read more

blogs.zdnet.com
What happens when you patch the Internet? Read more

blogs.zdnet.com
The key to an open, transparent malware filtering system. Read more

blogs.zdnet.com
Approximately 800 vulnerabilities discovered in antivirus products. Read more

www.darkreading.com
FasTrak Toll Hacked, Exposing Privacy Dangers. Read more

anti-virus-rants.blogspot.com
the future of malware past. Read more

anti-virus-rants.blogspot.com
the malware plateau. Read more

blog.spywareguide.com
Homer Simpson and the Kimya Botnet. Read more

blog.spywareguide.com
Twitter Spam. Read more

blog.spywareguide.com
Malware Install Hides Behind Fake Blue Screen Of Death. Read more

www.eweek.com
Yes, Domain Tasting Will End. Read more

blogs.zdnet.com
Apple hasn�t learned from past security mistakes. Read more

www.eweek.com
How to Avoid Security Risks for Mobile Computing on Public WLANs. Read more

www.0x000000.com
Attacking ColdFusion. Read more

www.0x000000.com
URLANDEXIT. Read more

garwarner.blogspot.com/
Nuwar Looks for News Readers? Read more

blogs.paretologic.com
Bit by a dog with the plague. Read more

blogs.paretologic.com
Locked out of my desktop. Read more

bharath-m-narayan.blogspot.com
Update on Trojan-Downloader-CodecPack Distributing sites. Read more

bharath-m-narayan.blogspot.com
Trojan distributing sites. Read mor

bharath-m-narayan.blogspot.com
List of new Rogue security applications. Read more

www.narus.com
DNS Fix Causes Huge Surge in DNS traffic in the Internet. Read more

www.wired.com
How a Classic Man-in-the-Middle Attack Saved Colombian Hostages. Read more

honeyblog.org
Learning and Classification of Malware Behavior. (pdf) Read more

vil.nai.com
Vulnerabilities in AV software. (pdf) Read more

anti-virus-rants.blogspot.com
lies, damn lies, and statistics. Read more

www.thedarkvisitor.com
Chinese hacker soap opera. Read more

www.podtrac.com
Audio. Security Now 152: Listener Feedback 45. Listen

www.enterpriseitplanet.com
For Starters: Virtualization - Part 3. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com
Microsoft Access Snapshot Viewer Exploited in Neosploit Wrapper. Read more

 

News
www.securityfocus.com
Alliance forms to fix DNS poisoning flaw. Read more

www.securityfocus.com
Bad-Code Blues. Read more

www.computerworld.com
DNS researcher convinces skeptics that bug is serious. Read more

www.theregister.co.uk
Shocker DNS spoofing vuln discovered three years ago by a student. Read more

www.theregister.co.uk
MS DNS patch snuffs net connection for ZoneAlarm users. Read more

blog.wired.com
Ameritrade Hack Settlement: $2 Per Victim, $1.8 Million for Lawyers. Read more

www.theregister.co.uk
Fears mount over missing Webroot founder. Read more

blog.wired.com
Hacker Sentenced to 2 Years for MySpace Cyberstalking. Read more

www.theregister.co.uk
File system killer leads police to wife's bones. Read more

www.theregister.co.uk
File system killer Reiser rejected 3-year sentence. Read more

www.theregister.co.uk
Malware authors declare start of World War III (again). Read more

www.theregister.co.uk
Zero day Word flaw exploited by Trojan. Read more

www.itnews.com.au
Homer Simpson accused of spreading malware. Read more

www.darkreading.com
Texas Bank Dumps Antivirus for Whitelisting. Read more

www.smh.com.au
When hackers converge. Reda more

www.itbinnovation.com
Forget CSI � Digital DNA Comes To A Computer Near You. Read more

www.theregister.co.uk
New York pressures more ISPs into child pornography crackdown. Read more

04 July 2008

Guides, Papers, etc
blogs.technet.com
Upcoming Update to Windows Update. Read more

blogs.technet.com
July 2008 Advance Notification. Read more

Understanding the Web browser threat:
Examination of vulnerable online Web browser populations and the "insecurity iceberg". Read more

www.securityfocus.com
Web surfers, it's time to patch. Read more

www.securityfocus.com
Internationalization of Malware. Read more

www.f-secure.com
Stormy fireworks. Read more

www.f-secure.com
Tibia: Part One. Read more

www.f-secure.com
Tibia: Part Two. Read more

isc.sans.org
New Opera v9.51 fixes couple of security issues. Read more

isc.sans.org
Detecting scripts in ASF files (part 2). Read more

ddanchev.blogspot.com
Gmail, Yahoo and Hotmail�s CAPTCHA Broken. Read more

ddanchev.blogspot.com
Chinese Bloggers Bypassing Censorship by Blogging Backward. Read more

ddanchev.blogspot.com
Decrypting and Restoring GPcode Encrypted Files. Read more

ddanchev.blogspot.com
Summarizing June's Threatscape. Read more

blogs.paretologic.com
Kit of the root (RootKit). Read more

www.avertlabs.com
Welcome to Virtual Worlds. Read more

www.avertlabs.com
The End of Exponential Malware Growth? Read more

www.avertlabs.com
Yet another Paypal phishing scam. Read more

garwarner.blogspot.com
Storm Worm Salutes Our Nation on the 4th! Read more

www.eweek.com
Who Is Running The Most Secure Browser? Read more

www.darkreading.com
Cracking Physical Identity Theft. Read more

www.darkreading.com
Ratting Out Vulnerabilities. Read more

www.darkreading.com
Security Researchers: Not the Enemy. Read more

blogs.authentium.com
The Insanity of Email and Malware. Read more

blog.assarbad.net
Getting rid of SSH brute forcers. Read more

www.computerworld.com
Expect iPhone, Fourth of July scams, security firm says. Read more

community.zdnet.co.uk
Beware Of Sneaky Services. Read more

lauren.vortex.com
Lesson From Viacom: How to Get YouTube Users to Hate Your Guts. Read more

ha.ckers.org
XSSFilter Released. Read more

ha.ckers.org
Searchable SWFs. Read more

msmvps.com
Oh goody. Another SWF display conduit to keep an eye on :o( Read more

honeyblog.org
Fast-Flux Techniques in .mobi. Read more

news.cnet.com
Video: Latest in Viacom-Google lawsuit raises questions. Watch

www.podtrac.com
Audio. Security Now 151: Frakking Phorm. Listen

 

Tools:
www.tm.uka.de
PktAnon - packet trace anonymization. Read more

code.google.com
ratproxy - passive web application security assessment tool. Read more

 

News
www.theregister.co.uk
Microsoft touts trustworthy browsing with IE8. Read more

www.theregister.co.uk
Built-in browser expiry proposed to fight botnet menace. Read more

www.upi.com
Analysis: U.S. military to patrol Internet. Read more

www.dailytech.com
YouTube Ordered to Give Complete User Logs to Viacom. Read more

www.asianews.it
Tehran plans to impose the death penalty on those guilty of cyber crimes. Read more

www.telegraph.co.uk
Hackers scam millions from stolen PIN codes. Read more

www.securityfocus.com
World of Warcraft to get bank-like security. Read more

www.theregister.co.uk
Scareware runs amok on PlayStation site. Read more

www.vnunet.com
Cyber-crooks celebrate independence. Read more

www.nebraska.tv
UNK Computers Hacked. Read more

community.zdnet.co.uk
The GoDaddy saga continues...Read more

honeyblog.org
Studying Malicious Websites and the Underground Economy on the Chinese Web. Read more


Copyright� MegaSecurity.org