News September 2005
30 September 2005

Guides, Papers, etc
www.av-test.org:
Cross Reference List of Virus Names based on the WildList 07/2005. Download

www.eweek.com:
By Larry Seltzer: No Solution at Hand for the Malware Naming Mess. Read more

www.eweek.com:
US-CERT Malware Naming Plan Faces Obstacles. Read more

www.windowsecurity.com:
Managed E-Mail Security Services: Is it the right solution for your network? Read more

Security Management - September 2005
How to Shoot Yourself in the Foot with Security, Part 1. Read more

www.nanog.org:
Observation and Analysis of BGP Behavior Under Stress - A Study of BGP's Reaction to the Nimda Worm Attack. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
SquirrelMail 'Address Add' Plugin Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
NateOn Messenger Buffer Overflow in 'NateonDownloadManager.ocx' Lets Remote Users Upload Files and Also Deny Service. Read more

securitytracker.com:
CubeCart Input Validation Bugs in 'cart.php' and 'index.php' Permit Cross-Site Scripting Attacks

securitytracker.com:
TWiki Input Validation Flaw in INCLUDE Function Lets Remote Authenticated Users Execute Arbitrary Commands. Read more

securitytracker.com:
AbiWord Buffer Overflow in RTF Importer May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
lucidCMS Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell GroupWise Client Integer Overflow in Processing 'IP Port' Registry Key May Let Local Users Execute Arbitrary Code. Read more

www.securiteam.com:
BlenderPlayer Local Buffer Overflow (Exploit). Read more

www.debian.org:
DSA-830-1 ntlmaps -- wrong permissions. Read more

www.debian.org:
DSA-829-1 mysql -- buffer overflow. Read more

www.debian.org:
DSA-828-1 squid -- authentication handling. Read more

www.debian.org:
DSA-827-1 backupninja -- insecure temporary file. Read more

 

News
www.cnn.com:
Hackers shift focus to financial gain. Read more

www.smh.com.au:
Suicide bombers turning to websites. Read more

www.theregister.co.uk:
Warning over unattended PC peril. Read more

www.securitypipeline.com:
Coming Next Year: The First 'Trusted' Linux Operating System. Read more

beta.news.com.com:
Joy: Future of the Web is mobile devices. Read more

www.betanews.com:
Skype Adds Personalization, Mobility. Read more

news.zdnet.com:
Scare tactics don't rattle Mac users. Read more

www.linuxworld.com.au:
Want security? You'd better wait for the new era of computing. Read more

www.circleid.com:
Oklahoma Man Wins $10 Million Judgment Against a Spammer. Read more

beta.news.com.com:
FBI to get veto power over PC software? Read more

news.zdnet.com:
Judge looks for links in credit card case. Read more

today.reuters.co.uk:
PDAs expected to change healthcare in future. Read more

beta.news.com.com:
Sony cracks down on PSP hacks. Read more

29 September 2005

Guides, Papers, etc
www.securityfocus.com:
Security-related innovation in Unix. Read more

www.sandsprite.com:
Real World XSS. Read more

www.ripe.net:
A first look at Saturday's MS-SQL worm as seen by BGP activity recorded by the RIS project. Read more

www.bookpool.com:
Richard Bejtlich's favorite books. Read more

astalavista.com:
How Modern Terrorism Uses the Internet. Read more

www.zone-h.org:
The third episode of Zone-H Comics. Read more

 

Tools:
news.bbc.co.uk:
Net calling kits hit High Streets. Read more

appft1.uspto.gov:
Microphone that clips on your tooth. Read more

 

Vulnerabilities & Exploits
www.cgisecurity.com:
Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more... Read more

rgod.altervista.org:
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure. Read more

www.debian.org:
DSA-822-1 gtkdiskfree -- insecure temporary file creation. Read more

www.debian.org:
DSA-821-1 python2.3 -- integer overflow. Read more

moritz-naumann.com:
SquirrelMail Address Add Plugin XSS. Read more

 

News
www.scmagazine.com:
Trojan army invades Europe and the U.S. Read more

beta.news.com.com:
NSA granted Net location-tracking patent. Read more

beta.news.com.com:
Microsoft probes report of IE flaw. Read more

beta.news.com.com:
Phishers go after World Cup fans. Read more

www.scmagazine.com:
Home banking users fail to keep AV up to date. Read more

www.networkworld.com:
Novell server hacked. Read more

beta.news.com.com:
Wiretap rules for VoIP, broadband coming in 2007. Read more

www.fcw.com:
Network appliance to get highest-ever security rating. Read more

www.theregister.co.uk:
WSIS: Who gets to run the internet? Read more

www.theregister.co.uk:
Office 2003 SP2 trashes junk mail. Read more

www.terra.net.lb:
NASA and US Internet search company Google launch research alliance. Read more

28 September 2005

Guides, Papers, etc
www.securityfocus.com:
Windows rootkits come of age. Interviews Greg Hoglund and Jamie Butler. Read more

Countering spyware
The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty. Read more

www.windowsecurity.com:
Packet analysis tools and methodology (Part 4). Read more

www.eweek.com:
By Larry Seltzer: Class Action Suits Aren't the Best Way to Challenge Spyware. Read more

www.bonafidereviews.com:
The Future of Voice Communication. Read more

beta.news.com.com:
VoIP wants to cut the computer cord. Read more

pacsec.jp:
PacSec/core05 conference. World Security Pros To Converge on Japan on November 15 and 16, 2005. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Solaris Buffer Overflow in Xsun and Xprt Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Helix Player Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
RealPlayer for Linux/UNIX Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Nokia Phones OBEX Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
GeSHi Input Validation Hole Lets Remote Users Include Local Files. Read more

securitytracker.com:
CMS Made Simple Input Validation Flaw in 'page' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Mailgust Input Validation Hole in 'gorum/user_email.php' Permits SQL Injection Attacks. Read more

securitytracker.com:
Riverdark RSS Syndicator Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpMyFAQ Input Validation Holes Permit SQL Injection, Cross-Site Scripting, and Remote Command Execution. Read more

 

News
hardware.silicon.com:
Euro data retention laws are inadequate and may be illegal. Read more

news.bbc.co.uk:
Boom times for hi-tech fraudsters. Read more

www.rsasecurity.com:
RSA Security Survey Reveals Multiple Passwords Creating Security Risks and End User Frustration. Read more

www.zdnet.com.au:
Filters can't stop phishing attacks: NCR. Read more

www.technewsworld.com:
FTC Launches Aggressive Campaign to Educate Online Consumers. Read more

www.theregister.co.uk:
DEA shuts 4,600 rogue pharmacy sites. Read more

www.vnunet.com:
Phone makers seek to further lock down handsets. Read more

www.theregister.co.uk:
Beatific Gates blesses the Windows Palm. Read more

www.pjstar.com:
Money order scams disguised as 'error'. Read more

27 September 2005

Guides, Papers, etc
www.infoworld.com:
Countering spyware. Read more

www.dslreports.com:
Q: How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach. Read more

The Future of Bot Worms
What we can expect from worm authors in the coming months. Read more

www.eweek.com:
By Larry Seltzer: Class Action Suits Aren't the Best Way to Challenge Spyware. Read more

rootkit.host.sk:
How to become unseen on Windows NT. Read more

www.cert.hu:
Strider GhostBuster: Why It's A Bad Idea For Stealth Software To Hide Files. Read more

ftp.research.microsoft.com:
How to "Root" a Rootkit That Supports Root Processes Using Strider GhostBuster Enterprise Scanner. Read more

www.research.microsoft.com:
Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management. Read more

www.pcworld.com:
Auto Updates: No Quick Security Fix. Read more

www.pcworld.com:
Create a Windows CD for PCs That Don't Have One. Read more

www.cisco.com:
Worm Mitigation Technical Details. Read more

 

Tools:
today.reuters.com:
Microsoft, Palm make peace, plan new Windows phone. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Realplayer and Helix Player Remote Format String Vulnerability. Read more

 

News
msnbc.msn.com:
China toughens restrictions on Internet news. Read more

www.theregister.co.uk:
China hits blogs where it hurts. Read more

today.reuters.co.uk:
Google to triple search scope. Read more

www.theregister.co.uk:
Sales up but profits down at Sophos. Read more

www.theregister.co.uk:
Phishers target Yahoo! Photos. Read more

www.computerworld.com:
More Flaws in Firefox Than IE, Symantec Says. Read more

english.chosun.com:
OhmyNews Infected With Trojan Horse. Read more

www.computerworld.com.au:
Security technology targets the LAN. Read more

www.washingtonpost.com:
Google Offers Prime-Time Video Streamcasts. Read more

www.chinadaily.com.cn:
'Chinese Google' in court again. Read more

news.bbc.co.uk:
Gates gives $40m to old school. Read more

26 September 2005

Guides, Papers, etc
nwc.securitypipeline.com:
Wireless Security: What's Good Enough? Read more

www.potaroo.net:
Sapphire/Slammer Worm Impact on Internet performance. Read more

 

Tools:
www.belarc.com:
The Belarc Advisor builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Solaris UFS Logging Bug in ufs_setsecattr() Lets Local Users Deny Service. Read more

securitytracker.com:
7-Zip Buffer Overflow in Processing ARJ Archives May Let Remote Users Execute Arbitrary Code. Read more

www.milw0rm.com:
PwnZilla 5 - One sploit fits all. (FireFox optimized). Read more

 

News
today.reuters.com:
China sets new rules on Internet news. Read more

software.silicon.com:
'How to attack Firefox' code appears on the net. Read more

www.eweek.com:
US-CERT Malware Naming Plan Faces Obstacles. Read more

www.websensesecuritylabs.com:
Phishing Alert: Yahoo! Photos. Read more

msnbc.msn.com:
Underground without firewalls. Read more

www.itweb.co.za:
Hackers blitz SA sites. Read more

www.bizjournals.com:
Oh, SPIT! Security woes hit VoIP too. Read more

www.computerworld.com.au:
Security professionals battle cost and complexity. Read more

news.zdnet.co.uk:
Talk Talk talks up Internet security. Read more

25 September 2005

Guides, Papers, etc
www.desktoplinux.com:
Excerpts from "Hacking Firefox" published. Read more

astalavista.com:
The Latest in Hacking Tools & Techniques. Read more

www.ebankingsecurity.com:
Why eBanking is Bad for your Bank Balance. Read more

www.microsoft.com:
Anti-phishing White Paper by Microsoft. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
MailGust 1.9 SQL injection / board takeover. Read more

 

News
www.theregister.co.uk:
Microsoft: beating itself back to health? Read more

news.bbc.co.uk:
Microsoft facing middle age at 30. Read more

www.vnunet.com:
Spoof email tricks AOL users. Read more

www.mb.com.ph:
RP only ASEAN nation with hacked military Web domain. Read more

nwc.systemsmanagementpipeline.com:
Financial Firms Declare War On Hacking. Read more

www.rednova.com:
Credit-Card Case Gets Attention; Do Visa, Mastercard Have to Notify You of a Security Breach, or Should Banks? Read more

nsnlb.us.publicus.com:
Alleged spammer's assets frozen while waiting for trial. Read more

www.suntimes.com:
Microsoft links up with Intellext's search tool. Read more

24 September 2005

Guides, Papers, etc
www1.cs.columbia.edu:
WORM 2005 is the 3rd in a series of one-day annual workshops focusing on the problem of self-propagating malicious programs.
The workshop brings together researchers and security practitioners from academia, industry and the government. WORM will be held in conjunction with the ACM CCS conference, on November 11, 2005 at George Mason University (GMU), Fairfax campus. Read more

www.f-secure.com:
3D animation that visualizes the structure and execution of the W32/Bagle.AG@mm worm by F-Secure. Watch with Windows Media

 

Tools:
www.redherring.com:
Qualcomm integrates Wi-Fi into its chipsets so cell phones can use wireless LANs. Read more

 

Vulnerabilities & Exploits
www.microsoft.com:
Security Fix for DirectX 8 on Windows 2000, Windows ME, Windows 98 SE, and Windows 98 (KB819696). Read more

www.debian.org:
DSA-817-1 python2.2 -- integer overflow. Read more

www.debian.org:
DSA-816-1 xfree86 -- integer overflow. Read more

securitytracker.com:
Apple Mac OS X securityd May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple Safari Web Archive Feature Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Apple SecurityAgent May Let Physically Local Users Bypass the Screen Saver Password. Read more

securitytracker.com:
QuickTime for Java Lets Applets Gain Elevated Privileges. Read more

securitytracker.com:
Apple QuickDraw Manager Buffer Overflow in Processing PICT Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple Mac OS X malloc() Debugging Feature Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple ImageIO Buffer Overflow in Processing GIF Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Browser Integer/Buffer Overflows, Spoofing Bugs, and Access Control Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
my little forum Input Validation Hole in 'search.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
HylaFAX xferfaxstats Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

 

News
www.securitypark.co.uk:
Interpol creates new tools to fight global crime and terrorism. Read more

www.theregister.co.uk:
Credit card companies can keep data ID theft secret. Read more

news.com.com:
Name that worm--plan looks to cut through chaos. Read more

www.theregister.co.uk:
VoIP's gonna be huge. Read more

www.theregister.co.uk:
Symantec hooks anti-phishing firm WholeSecurity. Read more

news.com.com:
Ellison: Encryption is key to data protection. Read more

news.com.com:
Sophos: Cell phone virus claims are 'bonkers'. Read more

today.reuters.co.uk:
Media watchdog tells bloggers how to avoid censors. Read more

www.theregister.co.uk:
Dixons to launch net phone service. Read more

news.zdnet.co.uk:
Talk Talk talks up Internet security. Read more

www.pcworld.com:
Sana Halts Viruses With New Tactic. Read more

23 September 2005

Guides, Papers, etc
www.windowsecurity.com:
Windows Vista and Principle of Least Privilege. Read more

www.rsf.org:
Guide aims to help bloggers beat censors. Handbook for bloggers and cyber-dissidents. Read more

security.linux.com:
Protecting Linux against automated attackers. Read more

in.today.reuters.com:
ANALYSIS - Telecom operators twice shy as viruses go mobile. Read more

www.securityfocus.com:
Anonymity made easy. Read more

By Lenny Zeltser: The Evolution of Malicious Agents. Read more

searchsecurity.techtarget.com:
Why the catastrophic cyberattack may never come. Read more

 

Tools:
www.clintonfitch.com:
PocketPC Security's Confidential Notes 1.1. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
PhpMyFaq 1.5.1 SQL injection / board takeover / user info disclosure / path disclosure remote code / commands execution. Read more

www.frsirt.com:
Mozilla Suite and Firefox Multiple Code Execution Vulnerabilities. Read more

securitytracker.com:
Webmin Input Validation Error in Processing PAM Authentication Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Usermin Input Validation Error in Processing PAM Authentication Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Mozilla Firefox Proxy Auto-Config Scripts May Let Remote Users Deny Service. Read more

securitytracker.com:
Ruby State Error May Let Users Bypass Safe Level Restrictions. Read more

securitytracker.com:
eric3 Vulnerability Has Unspecified Impact. Read more

 

News
www.theregister.co.uk:
PC-hopping mobile malware sighted. Read more

software.silicon.com:
Malware ID scheme set to sort naming muddle. Read more

www.rednova.com:
Virus-Infected Bot Networks on Increase, Company Warns. Read more

news.zdnet.co.uk:
Two-wave Bagle Trojan attack launched. Read more

www.smh.com.au:
Symantec to acquire WholeSecurity. Read more

www.cnn.com:
Guide aims to help bloggers beat censors. Read more

informationweek.com:
Financial Firms Declare War On Hacking. Read more

www.securityfocus.com:
Mozilla's popularity stressing its security image. Read more

www.theregister.co.uk:
Mozilla suffers growing pains. Read more

www.securityfocus.com:
Skype security and privacy concerns. Read more

www.pcworld.com:
Is VOIP the Next Target of Worms, Spam? Read more

www.theregister.co.uk:
How Microsoft can 'kill' Google. Read more

news.zdnet.co.uk:
Irate football fans launched DoS attacks. Read more

news.com.com:
EarthLink lands a win in phishing suit. Read more

www.wired.com:
Cell-Phone Spam Is Now a Crime. Read more

www.informationweek.com:
Just Give Us Better Batteries, Mobile Phone Users Say. Read more

www.vnunet.com:
Music biz offers anti-P2P technology. Read more

22 September 2005

Guides, Papers, etc
www.cs.fiu.edu:
Testing and Evaluation of Virus Detectors for Handheld Devices. Read more

networks.silicon.com:
Criminal IT: On Google and googling. Read more

www.microsoft.com:
Q&A: Members of Microsoft's "20-Year Club" Reflect on the Past and the Future. Read more

www.infosecwriters.com:
Non Conventional Virus Attack. Read more

antivirus.about.com:
F-Prot for DOS can be a real system saver. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Lotus Domino Unspecified Input Validation Bug Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
IBM Rational ClearQuest Input Validation Flaw in XML Style Sheets Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Linux Kernel routing_ioctl() Bug May Let Local Users Crash the System. Read more

securitytracker.com:
Opera Mail Client Bugs May Let Remote Users Spoof Attachment Types and Inject Arbitrary Scripting Code. Read more

securitytracker.com:
Hesk Input Validation Error in PHPSESSID Parameter Lets Remote Users Bypass Authentication and Also Obtain System Information. Read more

securitytracker.com:
Bacula Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

www.zataz.net:
bacula insecure temporary file creation. Read more

 

News
www.theregister.co.uk:
Bagle blitz unleashed. Read more

www.tomshardware.com:
Black Hat/Defcon: Hackers Go Back to Vegas. Read more

www.vnunet.com:
Greetings card carries Trojan payload. Read more

news.com.com:
Google builds an empire to rival Microsoft. Read more

www.theregister.co.uk:
Airport PCs stuffed with meaty goodness. Read more

www.theregister.co.uk:
Linux users warned over Firefox flaw. Read more

www.globetechnology.co:
Data encryption about to make quantum leap. Read more

www.microsoft.com:
Microsoft Acquires Identity and Access Management Solutions Provider Alacris. Read more

news.com.com:
And you thought security couldn't get worse? Read more

management.silicon.com:
Opinion: Policing the internet will take more than law. Read more

www.vnunet.com:
Banks face customer exodus if hacked. Read more

www.abc.net.au:
Robbers using chat rooms to lure victims. Read more

21 September 2005

Guides, Papers, etc
www.businessweek.com:
A Rendezvous With Microsoft's Deep Throat.
Meet mystery blogger Mini-Microsoft, an employee who runs a virtual watercooler for his corporate colleagues, also anonymous. Read more

www.infosecwriters.com:
How to Combat Spyware in Corporate Environments by Panda Software. Read more

www.theregister.co.uk:
Google Earth threatens democracy - again. Read more

www.windowsecurity.com:
Packet analysis tools and methodology (Part 3). Read more

www.infosecwriters.com:
Malicious Code in Depth. Read more

astalavista.com:
The Effect of DNS Delays on Worm Propagation in an IPv6 Internet. Read more

 

Tools:
fileforum.betanews.com:
Microsoft Shared Computer Toolkit 1.0. Read more

fileforum.betanews.com:
Tor for Windows 0.1.1.7 Alpha. Read more

www.securiteam.com:
Ycrack - Yahoo Mail Password Brute Forcer. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Solaris 'tl' Driver Bug Lets Local Users Panic the System. Read more

securitytracker.com:
HP Tru64 UNIX FTP Daemon Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
VERITAS Storage Exec Buffer Overflow in ActiveX DCOM Objects Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
VERITAS StorageCentral Buffer Overflow in ActiveX DCOM Objects Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Antigen for SMTP/Exchange Lets Remote Users Bypass Custom Filters. Read more

securitytracker.com:
Py2Play Lets Remote Users Send Arbitrary Code via Python Pickles. Read more

 

News
www.sci-tech-today.com:
Symantec Report: Malware Writers Are Winning Security War. Read more

www.internetnews.com:
Microsoft Shuffles Org Chart. Read more

www.techweb.com:
Microsoft Says Security Efforts Showing Fruit. Read more

www.internetnews.com:
Malicious Code For Profit. Read more

news.zdnet.co.uk:
Mozilla hits back at browser security claim. Read more

www.theregister.co.uk:
Phishers trawl for victims in Europe. Read more

www.vnunet.com:
Government IT slip reveals terror concerns. Read more

news.bbc.co.uk:
Microsoft shakes up its business. Read more

www.internetnews.com:
'A Dinosaur's Perspective' on VoIP. Read more

www.internetnews.com:
AOL Launches Next-Gen VoIP-IM Service. Read more

www.pcmag.com:
Security Watch: Phlood Phishing. Read more

news.zdnet.co.uk:
Security officers must change or die. Read more

news.com.com:
Intel dives into the ultra-low power pool. Read more

20 September 2005

Guides, Papers, etc
www.ruxcon.org.au:
RUXCON 2005. RUXCON is a conference organised by and for the Australian computer security community. Read more

rootkit.com:
Inline hook code randomization - Bypassing rootkit detectors. Read more

www.ngssoftware.com:
Writing Small Shellcode. Read more

www.sfgate.com:
Chinese Internet vs. free speech: Hard choices for U.S. tech giants. Read more

www.theregister.co.uk:
Techscape: Skype beyond the hype. Read more

www.infosecwriters.com:
Computer Worms: Past, Present and Future. Read more

www.eweek.com:
By Larry Seltzer: Imagine Widespread Anti-Phishing Use. Read more

www.npr.org:
Audio: John Battelle on 'Search' and Google's Future. Read more

 

Tools:
www.download.com:
Analyzer is a PHP open source script that tests and debugs any kind of PHP-Nuke with phpbb2 installation. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
Clam AntiVirus: Multiple vulnerabilities. Read more

securitytracker.com:
MX Shop Input Validation Bugs in the 'pages' Module Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
NooTopList Input Validation Holes Permit SQL Injection Attacks. Read more

securitytracker.com:
PHP Advanced Transfer Manager Lets Remote Users Traverse the Directory and Also Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Spymac Web OS Input Validation Weakness in 'showthread.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
AlstraSoft EPay Pro Input Validation Flaw in 'read' Parameter Lets Remote Users View Files on the System. Read more

www.securiteam.com:
Stoney FTPd Buffer Overflow (PORT, Exploit). Read more

 

News
www.theregister.co.uk:
UK tops zombie PC chart (again). Read more

www.theregister.co.uk:
Net scam comes from Russia with love. Read more

www.zdnet.com.au:
Asian bloggers fear government backlash. Read more

go.reuters.com:
Online fraud 'ahead' of credit-card companies-experts. Read more

www.theregister.co.uk:
Microsoft upgrades software assurance. Read more

www.rednova.com:
FIRST Urges Wide-Scale Adoption of New Common Vulnerability Scoring System (CVSS). Read more

www.thepost.ie:
Security issues for the online shopper. Read more

www.zdnet.com.au:
Hackers return fire at security patches. Read more

news.zdnet.co.uk:
Symantec: Mozilla browsers more vulnerable than IE. Read more

news.bbc.co.uk:
Hackers target net call systems. Read more

www.technewsworld.com:
Report: Attackers Quietly Target Desktops, Personal Data. Read more

www.wired.com:
China Mulls 'Gang of 15 Million'. Read more

www.eweek.com:
Google Expected to Target Phone Search. Read more

www.kxan.com:
Man Arrested For Wire Tapping Ex's Phone. Read more

go.reuters.com:
Hollywood studios form tech group to fight piracy. Read more

www.iht.com:
EU antitrust chief weighs more action on Microsoft. Read more

www.techweb.com:
Google Won't Remove "Failure" Link To Bush. Read more

19 September 2005

Guides, Papers, etc
www.infosec.co.uk:
Infosecurity Europe 2006. Read more

mailinator.com:
Mailinator Spam Map. Read more

www.securitypipeline.com:
Review: Spyware Detectors. Read more

www.informationweek.com:
Langa Letter: A Must-Have Repair And Recovery Tool. Read more

www.pcworld.com:
Comparison Shopping. Read more

 

Tools:
www.nu2.nu:
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD. Read more

www.newscientist.com:
Camera phones will be high-precision scanners. Read more

 

Vulnerabilities & Exploits
indian-hackers.net:
Hotmail passwords easily exposed. Read more

 

News
in.today.reuters.com:
Cyber cons, not vandals, now behind viruses - report. Read more

indian-hackers.net:
Hotmail passwords easily exposed. Read more

nwc.securitypipeline.com:
Microsoft Talks Vista Security In Online Chat. Read more

www.computerworld.com.au:
Symantec Internet Security Threat Report Identifies Shift Toward Focused Attacks On Desktops. Read more

www.informationweek.com:
Gates Sees Synergy In Vista And Office Releases. Read more

www.sfgate.com:
Trail of stolen laptop winds through Web: Computer had data for UC Berkeley students, alumni. Read more

www.pcworld.com:
Plan Treats All Broadband Providers Alike. Read more

www.newsday.com:
Adware infiltrates Google. Read more

www.usdoj.gov:
Massachusetts Teen Convicted for Hacking into Internet and Telephone Service Providers and Making Bomb Threats to High Schools in Massachusetts and Florida. Read more

www.informationweek.com:
VoIP's Role in Katrina Aftermath Understated. Read more

www.eweek.com:
Open Source Code Finds Way into Microsoft Product. Read more

forums1.sonymusic.com:
Artist Suggesting Ways Around Copy Protection. Read more

18 September 2005

Guides, Papers, etc
www.hack.lu:
Hack.lu 2005. A two days conference in the center of Europe for bridging ethics and security in computer science. Read more

www.ianetsec.com:
5th Annual New York Metro Network Security Forum. Read more

theravyn.org:
Steve Gibson on Call For Help Tells How To Take Down The Internet. Watch Video

www.insecure.org:
Stealing the Network: How to Own an Identity. Read more

www.insecure.org:
Stealing the Network: How to Own a Continent. Read more

www.npr.org:
Audio: John Battelle on 'Search' and Google's Future. Read more

www.windowsecurity.com:
Being Big Brother: Monitoring employees' network activity. Read more

news.com.com:
Microsoft's Vista looks to get tablets on write track. Read more

 

Tools:
www.pcmag.com:
Sprint Launches Windows Mobile 5.0 Pocket PC Phone. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
CuteNews 1.4.0 (possibly prior versions) remote code execution. Read more

www.debian.org:
DSA-815-1 kdebase -- programming error. Read more

securitytracker.com:
DeluxeBB Input Validation Bug in 'limit' Parameter Permits SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
TAC Vista Input Validation Flaw in 'Template' Parameter Lets Remote Users Traverse the Directory. Read more

 

News
www.informationweek.com:
Worm Redirects Google Searches To Look-Alike Site. Read more

www.techweb.com:
Gartner: VoIP Security Uncertain in EBay/Skype Deal. Read more

www.techweb.com:
Gates: The World Needs Computers And More. Read more

uk.builder.com:
Microsoft 'bars' Mono from conference. Read more

news.com.com:
Gates on Oracle and Siebel: 'You get deals. Read more

news.com.com:
Gates on Google: What, me worry? Read more

uk.builder.com:
Microsoft simplifies data access with LINQ. Read more

catless.ncl.ac.uk:
Public Call for Skype to Release Specifications. Read more

www.mb.com.ph:
Security experts warn Asian companies on "targeted attacks". Read more

news.com.com:
Virtual goods, real scams. Read more

news.com.com:
Plan lets users be the judge of flaws. Read more

software.silicon.com:
Hackers claim to have cracked latest Firefox flaw. Read more

17 September 2005

Guides, Papers, etc
www.toorcon.org:
ToorCon 7. Located in sunny San Diego during September for the past 7 years, ToorCon has been providing a meeting place for many of the top hackers and security professionals from all around the world to get together and discuss today's bleeding edge issues. Read more

www.eweek.com:
Spyware Prevention Requires Multi-Layered Strategy. Read more

software.silicon.com:
Spot fraudsters in your office before they strike. Read more

www.oreillynet.com:
The Next 50 Years of Computer Security: An Interview with Alan Cox. Read more

www.theregister.co.uk:
Hackers are all B'stards now. Read more

www.anml.iu.edu:
Analysis of the "SQL Slammer" worm and its effects on Indiana University and related institutions. Read more

 

Tools:
www.microsoft.com:
Internet Explorer Developer Toolbar Beta. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP LaserJet Discloses Some Document Information to Remote Authenticated Users. Read more

securitytracker.com:
Squid Can Be Crashed By Remote Users With Specially Crafted Authentication Headers. Read more

securitytracker.com:
File Transfer Anywhere Stores Server Passwords in Plain Text. Read more

securitytracker.com:
TWiki History Function Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
MIVA Merchant Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
GtkDiskFree Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Turquoise SuperStat Buffer Overflow May Let Remote Servers Execute Arbitrary Code. Read more

securitytracker.com:
Oracle Reports May Allow Remote Users to Inject SQL Commands. Read more

securitytracker.com:
vxTftpSrv Filename Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
vxFtpSrv USER Command Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
vxWeb Can Be Crashed By Remote Users. Read more

securitytracker.com:
Digital Scribe Input Validation Flaw in 'login' Permits SQL Injection Attacks. Read more

securitytracker.com:
AhnLab V3 DeviceIoControl() Authentication Error Lets Local Users Gain Elevated Privileges and ACE Archive Bugs Let Remote Users Create Arbitrary Files or Execute Arbitrary Code. Read more

securitytracker.com:
AzDGDatingLite Image Upload Feature Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Lotus Domino Input Validation Holes in 'BaseTarget' and 'Src' Parameters Permit Cross-Site Scripting Attacks. Read more

 

News
news.zdnet.co.uk:
Microsoft makes Longhorn Server security promises. Read more

www.eweek.com:
Microsoft Scraps Old Encryption in New Code. Read more

money.cnn.com:
Gates plans huge push for next Windows. Read more

nwc.personaltechpipeline.com:
Worm Redirects Google Searches For Profit. Read more

news.com.com:
Database to track Dutch from cradle to grave. Read more

news.zdnet.co.uk:
Demon founder pleads guilty to email charges. Read more

www.theregister.co.uk:
US banks lose $50bn to phantom fraudsters. Read more

www.itweek.co.uk:
How to catch online crooks. Read more

www.geek.com:
New scams target virtual goods. Read more

www.miami.muohio.edu:
Social Security number and grade information on the more than 21,000 students accessible via the Internet. Read more

news.zdnet.com:
Plan lets users be the judge of flaws. Read more

news.bbc.co.uk:
Netting the next five billion. Read more

16 September 2005

Guides, Papers, etc
www.microsoft.com:
Next Generation TCP/IP Stack in Windows Vista and Windows Server "Longhorn". Read more

www.microsoft.com:
School is in: 7 computer security tips for students. Read more

www.microsoft.com:
VoIP: Your telephone online. Enjoy the benefits, know the risks. Read more

www.sunbelt-software.com:
AskJeeves (Software Review) by Sunbelt Software Research Center. Read more

sunbeltblog.blogspot.com:
The AskJeeves question. Hopefully, we've answered it. Read more

www.eweek.com:
By Larry Seltzer: The Software Practices Police Squad. Read more

news.ft.com:
FT briefing: The Zotob and Esbot worms. Read more

firstmonday.org:
The economy of phishing: A survey of the operations of the phishing market by Christopher Abad. Read more

www.cs.berkeley.edu:
Keyboard Acoustic Emanations Revisited. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Ahnlab Antivirus Buffer Overflow and Directory Traversal Vulnerabilities. Read more

www.zataz.net:
gtkdiskfree insecure temporary file creation. Read more

www.debian.org:
DSA-814-1 lm-sensors -- insecure temporary file. Read more

www.debian.org:
DSA-813-1 centerciq -- several vulnerabilities. Read more

securitytracker.com:
AVIRA Desktop for Windows Buffer Overflow in Processing ACE Archives May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java Application Server Discloses Web Application Jar File Contents to Remote Users. Read more

securitytracker.com:
Java for Apple Mac OS X Extensions Bug Lets Remote Users Gain Elevated Privileges and ServerSocket Bug Lets Remote Users Intercept Data. Read more

securitytracker.com:
Java for Apple Mac OS X Has Temporary File Flaws That May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Linksys WRT54G Router Administration Interface Bugs Let Remote Users Modify the Configuration, Execute Arbitrary Code, or Deny Service. Read more

securitytracker.com:
ActivePerl May Crash When Compiling Certain Perl Scripts. Read more

securitytracker.com:
Subscribe Me Pro Input Validation Bug in 's.pl' Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Enigmail May Select the Incorrect Key For Mail Encryption. Read more

securitytracker.com:
COOL! Remote Control Lets Remote Users Crash the Service or Disconnect Connections. Read more

securitytracker.com:
XFree86 pixmap Integer Overflows May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
pam_per_user Authentication Error Lets Remote Users With Valid Credentials Access Other User Accounts. Read more

securitytracker.com:
Sawmill Input Validation Error in Web Administration Interface Permits Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Wireless Tools Local Buffer Overflow (Iwconfig, Exploit). Read more

www.securiteam.com:
Fastream NETFile FTP/Web Server HTTP HEAD DoS (Exploit). Read more

www.securiteam.com:
GNU Mailutils imap4d 'search' Format String (Exploit). Read more

 

News
www.theregister.co.uk:
Demon founder pleads guilty to email hacking. Read more

software.silicon.com:
Longhorn Server will 'fix itself on the fly'. Read more

www.it-observer.com:
Microsoft dumps Vulnerable Encryption Algorithms. Read more

informationweek.com:
Microsoft Previews Security Features Of Upcoming Windows Vista. Read more

www.vnunet.com:
Microsoft blames time constraints for pulled patch. Read more

www.securityfocus.com:
Key clicks betray passwords, typed text. Read more

blogs.technet.com:
What I Worry About When Web Publishing. Read more

www.cioinsight.com:
Security Relaxes as IT Threats Increase. Read more

www.imperial.ac.uk:
New Microchip Design Could Be The Key To Expanding Mobile Phone Memory. Read more

15 September 2005

Guides, Papers, etc
www.benedelman.org:
How Affiliate Programs Fund Spyware. Read more

www.securityfocus.com:
Crime? What crime? Read more

www.thisdayonline.com:
Why Cyber Crime Persists in Nigeria. Read more

blogs.msdn.com:
Why not use hashes for the Anti-Phishing Filter? Read more

www.f-secure.com:
A video of Cabir infecting another phone (WMV 17.2MB file). Watch Video

www.f-secure.com:
A video of Commwarrior trying to connect several phones at the same time (1654k file). Watch Video

www.usdoj.gov:
MASSACHUSETTS TEEN CONVICTED FOR HACKING INTO INTERNET AND TELEPHONE SERVICE PROVIDERS AND MAKING BOMB THREATS TO HIGH SCHOOLS IN MASSACHUSETTS AND FLORIDA. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
ATUTOR 1.5.1 (possibly prior versions) SQL INJECTION / ADMIN & USERS CREDENTIALS DISCLOSURE / INFORMATION DISCLOSURE / USER IMPERSONATION / REMOTE CODE EXECUTION. Read more

secunia.com:
Linksys WRT54G Multiple Vulnerabilities. Read more

www.red-database-security.com:
SQL Injection in Oracle Reports V1.00. Read more

www.debian.org:
DSA-812-1 turqstat -- buffer overflow. Read more

www.heise.de:
Internet Explorer ignores NUL characters -- i.e. ascii characters with the value 0x00 -- most security software does not. (German Language) Read more

www.securiteam.com:
VisualBoy Advanced Local Buffer Overflow (Exploit). Read more

www.securiteam.com:
Counter Strike 2D DoS (Exploit). Read more

www.avira.com:
Security advisory: AVIRA Desktop for Windows patched against vulnerability. Read more

 

News
www.theregister.co.uk:
Google and Microsoft both claim victory in court. Read more

www.informationweek.com:
One-In-Six Spyware Apps Tries To Steal Identities. Read more

www.theinquirer.net:
Child gets 11 months for hacking Paris Hilton. Read more

www.techweb.com:
Phoney Anti-Spyware Software Lures Unsuspecting Users. Read more

www.lightreading.com:
Verso Intros Skype Filter. Read more

www.sophos.com:
Japanese phisher walks free from court, Sophos comments on conviction. Read more

www.theregister.co.uk:
Microsoft smack down with WWF. Read more

www.vnunet.com:
Corporate PC users ignore phishing risks. Read more

14 September 2005

Guides, Papers, etc
download.microsoft.com:
Tour around Microsoft's Security Response Center. Watch Video

reviews.cnet.com:
A virtual den of thieves. Read more

www.theregister.co.uk:
Google Earth threatens democracy. Read more

business.timesonline.co.uk:
How to beat the menace of net fraud. Read more

www.cs.berkeley.edu:
Keyboard Acoustic Emanations Revisited. Read more

www.schneier.com:
A Cryptographic Evaluation of IPsec. Read more

www.lurhq.com:
MS05-039 PNP Worms. Read more

news.bbc.co.uk:
Data dangers dog hard drive sales. Read more

 

Tools:
www.insecure.org:
Nmap 3.93 Released. Read more

www.f-secure.com:
F-Secure Messaging Security Gateway. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Microsoft Windows CSRSS Local Privileges Escalation (MS05-018, Exploit). Read more

www.securiteam.com:
Counter Strike 2D DoS (Exploit). Read more

www.securiteam.com:
Man2web CGI Command Execution. Read more

www.securiteam.com:
CUPS Dot-Slash DoS. Read more

www.securiteam.com:
Adobe Version Cue VCNative Privileges Escalation (Exploit). Read more

www.securiteam.com:
Adobe Version Cue VCNative Symlink Attack (Exploit). Read more

www.securiteam.com:
phpLDAPadmin Command Execution (Exploit). Read more

www.idefense.com:
Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability. Read more

 

News
www.securityfocus.com:
Microsoft's delay to patch fuels concerns. Read more

www.vnunet.com:
VoIP provider spills customer emails. Read more

news.zdnet.com:
Zotob suspect appears in court. Read more

www.terra.net.lb:
Moroccan not responsible for 'Zotob' computer virus: lawyer. Read more

www.usdoj.gov:
FEDERAL JURY CONVICTS FORMER TECHNOLOGY MANAGER OF COMPUTER HACKING OFFENSE. Read more

www.smh.com.au:
Man broke into boss' PC: court. Read more

www.freedom-to-tinker.com:
Consortium - Acoustic Snooping on Typed Information. Read more

www.vnunet.com:
Phishers cast net for CompuServe users. Read more

money.cnn.com:
Judge OKs Google's Microsoft hire. Read more

www.theregister.co.uk:
Novell spies MS Vista launch opportunity. Read more

www.greenwichtime.com:
Samsung Unveils New Flash Memory Chip. Read more

13 September 2005

Guides, Papers, etc
www.pewinternet.org:
Spyware. The threat of unwanted software programs is changing the way people use the internet. Read more

www.computerworld.com:
What mutating spyware reveals about the future of security. Read more

www.tik.ee.ethz.ch:
Experiences with Worm Propagation Simulations. Read more

 

Tools:
www.techweb.com:
VMware Workstation 5.5 Released In Beta. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution. Read more

www.vulnfact.com:
Snort <= 2.4.0 SACK TCP Option Error Handling. Read more

www.debian.org:
DSA-809-1 squid -- several vulnerabilities. Read more

www.debian.org:
DSA-808-1 tdiary -- design error. Read more

www.debian.org:
DSA-807-1 libapache-mod-ssl -- acl restriction bypass. Read more

securitytracker.com:
Mail-it Now! Upload2Server Attachment Upload Feature Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Spymac Web OS Input Validation Hole in 'category' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Mall23 Input Validation Flaw in 'infopage.asp' Permits SQL Injection. Read more

 

News
www.theregister.co.uk:
MS pulls upcoming Windows security patch. Read more

www.theregister.co.uk:
eBay buys Skype. Read more

www.techweb.com:
Execs: EBay Plans To Keep Skype 'Separate,' For Now. Read more

www.theregister.co.uk:
Bot herder websites in internet take-down. Read more

www.techweb.com:
Ask Jeeves Software Marked By Anti-Spyware Vendors. Read more

www.theregister.co.uk:
Mozilla disables IDN to guard against Firefox flaw. Read more

english.yna.co.kr:
Microsoft rejects S. Korea's demand for continued security patches. Read more

searchenterprisevoice.techtarget.com:
VoIP turns up the heat on firewalls. Read more

www.crn.com:
Symantec President Jumps To Business Objects. Read more

www.silicon.com:
CIO Jury: ISPs blamed over corporate security threats. Read more

news.bbc.co.uk:
Data dangers dog hard drive sales. Read more

www.theregister.co.uk:
Meg Whitman's $2.6bn spam goof? Read more

news.bbc.co.uk:
Chinese pop idol thrives online. Read more

12 September 2005

Guides, Papers, etc
news.bbc.co.uk:
The cost of online anonymity. Read more

www.filefarmer.com:
Tech Shows, a list of the best free downloadable tech/gaming shows currently available on the Internet. Read more

www.ranum.com:
The Six Dumbest Ideas in Computer Security. Read more

 

Tools:
www.phoneyworld.com:
IM Fone - Bluetooth based device allows using cell phone to make calls via IM. Read more

www.geekzone.co.nz:
Samsung Creates Flash Memory Capable of Replacing HDD in Laptops. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Mail-it Now! 1.5 contact.php remote code execution. Read more

 

News
software.silicon.com:
Beware Firefox buffer-overflow flaw, says Ferris. Read more

www.theregister.co.uk:
China blocks Skype, VoIP. Read more

www.computerworld.com.au:
New course reveals hackers' tricks. Read more

www.geekzone.co.nz:
Windows Vista To Come In Seven Editions. Read more

www.computerworld.com.au:
Microsoft tries, and fails, to recruit open-source guru. Read more

11 September 2005

Guides, Papers, etc
www.securitypark.co.uk:
The Latest in Internet Attacks: Web Application Worms. Read more

www.securitypark.co.uk:
The Diary of a Penetration Tester. Read more

www.securitypark.co.uk:
Encryption is the missing defence tool in many companies' security policy. Read more

www.securitypark.co.uk:
Evaluating Additional Security Risks: Spyware and Adware. Read more

astalavista.com:
Astalavista Group Security Newsletter Issue 20 - 30 August 2005. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
GNU Mailutils imap4d Format String Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PhpTagCool Input Validation Flaw in 'X-Forwarded-For' Permits SQL Injection Attacks. Read more

securitytracker.com:
Mozilla Firefox Buffer Overflow in Processing Hostnames May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java Web Proxy Server Error in Processing Certain POST Requests May Let Remote Users Deny Service. Read more

securitytracker.com:
mimicboard2 Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Cisco Content Services Switches Let Remote Users Bypass SSL Authentication. Read more

securitytracker.com:
NOD32 for Windows Buffer Overflow in Processing ARJ Archives May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
class-1 Forum Software File Upload Feature Lets Remote Users Upload and Execute Arbitrary Code. Read more

securitytracker.com:
Sophos Anti-Virus Mailbox Scanning Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Symantec Brightmail AntiSpam Errors in Processing WINMAIL.DAT Files and Nested Zip Files Let Remote Users Deny Service. Read more

 

News
www.computerworld.com:
Morocco to try suspected computer worm author. Read more

news.bbc.co.uk:
Google snaps up internet pioneer. Read more

www.wired.com:
PayPal Freezes Out Katrina Aid. Read more

news.com.com:
GoFish to unveil advanced search engine. Read more

10 September 2005

Guides, Papers, etc
pcworld.com:
20 Things They Don't Want You to Know. Read more

www.eweek.com:
By Larry Seltzer: Selective Disclosure Raises Questions. Read more

nwc.networkingpipeline.com:
The Four Most Common Security Dangers. Read more

www.securityfocus.com:
Embedded market ripe for picking. Read more

www.it-observer.com:
How Secure are current mobile operating systems. Read more

www.identitytheftsecrets.com:
PayPal phishing video example. Watch

www.microsoft.com:
Instant messaging safety and privacy tips. Read more

www.microsoft.com:
Tips for avoiding online donation scams. Read more

www.windowsecurity.com:
Controlling Windows Services and Service Accounts. Read more

blogs.msdn.com:
Phishing Filter in IE7. Read more

www.bit-tech.net:
Vista is a hardware beast. Read more

 

Tools:
www.tomshardware.com:
Windows In Your Pocket
The Bart PE Builder software utility takes Windows XP and shrinks the OS to fit on your USB flash drive. Besides converting your mini-drive into an emergency boot disk, you can use the utility to load a Web browser, media burning software and more, so you have them handy anywhere you go. Read more

 

Vulnerabilities & Exploits
security-protocols.com:
Mozilla Firefox "Host:" Buffer Overflow. Read more

addons.mozilla.org:
What Firefox and Mozilla users should know about the IDN buffer overflow security issue. Read more

www.debian.org:
DSA-806-1 gcvs -- insecure temporary files. Read more

www.idefense.com:
GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability. Read more

 

News
www.usdoj.gov:
Creator and Four Users of Loverspy Spyware Program Indicted. Read more

today.reuters.com:
China Telecom said to block Skype. Read more

www.theregister.co.uk:
Firefox blighted by unpatched bug. Read more

news.zdnet.co.uk:
Sophos warns against antivirus dependence. Read more

austin.bizjournals.com:
UT hacker gets five years' probation. Read more

09 September 2005

Guides, Papers, etc
www.benedelman.org:
How Expedia Funds Spyware. Read more

news.zdnet.com:
Video on RootKits. Read more

i.cmpnet.com:
The Security of Software Phones. Read more

songsim.catholic.ac.kr:
Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive Learning. Read more

astalavista.com:
Understanding a hacker's mind - A psychological insight into the hijacking of identities. Read more

astalavista.com:
Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. Read more

business.timesonline.co.uk:
Free calls on the internet: what are the options? Read more

 

Tools:
www.insecure.org:
Nmap 3.90 Released. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
NOD32 AntiVirus ARJ Archive Handling Buffer Overflow Vulnerability. Read more

ingehenriksen.blogspot.com:
IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV. Read more

securitytracker.com:
WebArchiveX 'Safe for Scripting' Setting Lets Remote Users Read and Write Files. Read more

securitytracker.com:
WEB//NEWS Input Validation Hole in 'modules/startup.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Cisco IOS Buffer Overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions May Let Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Microsoft Windows CSRSS Local Privileges Escalation (MS05-018, Exploit). Read more

www.debian.org:
DSA-805-1 apache2 -- remote. Read more

www.debian.org:
DSA-804-1 kdelibs -- insecure permissions. Read more

www.debian.org:
DSA-803-1 apache -- programming error. Read more

 

News
news.zdnet.co.uk:
Symantec 'expecting Net attack'. Read more

www.theregister.co.uk:
Playing the phishing blame game. Read more

www.techworld.com:
eEye spots another gaping hole in Outlook and Explorer. Read more

informationweek.com:
New Flaw Exposes Cisco Routers To Hackers, DoS Attacks. Read more

www.computerworld.com:
Microsoft alerts users to firewall flaw. Read more

news.zdnet.co.uk:
Microsoft turns to Spamhaus for security help. Read more

www.techworld.com:
Opinion: Where are the men in black? Read more

blogs.zdnet.com:
180solutions explains new technology. Read more

news.zdnet.com:
Adware maker seeks to thwart rogue installs. Read more

www.sptimes.com:
ID theft ring proves difficult to stop. Read more

08 September 2005

Guides, Papers, etc
www.unixwiz.net:
An Illustrated Guide to IPSec. Read more

www.securityfocus.com:
Big debate over small packets. Read more

www.securityfocus.com:
A changing landscape. Read more

www.windowsecurity.com:
How to Use Microsoft's Shared Computer Toolkit. Read more

www.cc.gatech.edu:
Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. Read more

 

Tools:
atomchip.com:
US 'world genius' touts 6.8GHz 'quantum-optical' CPU. Read more

www.pbs.org:
NerdTV available by free Internet download. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
class-1 Forum Software v 0.24.4 Remote code execution. Read more

www.cisco.com:
Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow. Read more

securitytracker.com:
Squid 'STORE_PENDING' Race Condition May Let Remote Users Deny Service. Read more

securitytracker.com:
ALZip Buffer Overflow UNACEV2.DLL Lets Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
Smb4K Unsafe Temporary File Lets Local Users Obtain Potentially Sensitive Information. Read more

securitytracker.com:
PBLang Bug Lets Remote Users Execute Commands via '/db/members' Files and View Files on the System Using 'setcookie.php'. Read more

securitytracker.com:
CVS Unsafe Temporary Files in 'cvsbug' May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
SqWebMail Lets Remote Users Inject Scripting Code via 'Conditional Comments'. Read more

 

News
www.theregister.co.uk:
'China has f*cked us' - Bill Gates. Read more

www.sfexaminer.com:
Cybercrime on the rise. Read more

www.theregister.co.uk:
E-banking security provokes fear or indifference. Read more

www.presstelegram.com:
Nation: FBI puts number of Katrina-related Web sites at '2,300 and rising.' Read more

software.silicon.com:
Cisco issues cyber attack alert. Read more

www.vnunet.com:
US losing battle against identity theft. Read more

www.zdnetasia.com:
Bug hunters, software firms in uneasy alliance. Read more

www.it-observer.com:
Intel Enters Anti-Virus Market. Read more

online.wsj.com:
New Search Engines Help Users Find Blogs. Read more

www.scmagazine.com:
Symantec patches corporate anti-virus software. Read more

www.theregister.co.uk:
Four women finger NY subway perv. Read more

www.theregister.co.uk:
Microsoft sues EC. Read more

news.bbc.co.uk:
Firms face moral dilemma in China. Read more

www.it-observer.com:
Podslurping and Bluesnarfing - The latest IT threats. Read more

07 September 2005

Guides, Papers, etc
Protecting Free Expression Online with Freenet. Read more

www.eweek.com:
By Larry Seltzer: Gee, I Think I Have a Virus. Read more

www.cs.ucsd.edu:
Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. Read more

www.cs.ucsd.edu:
Fatih: Detecting and Isolating Malicious Routers. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure. Read more

www.debian.org:
DSA-802-1 cvs -- insecure temporary files. Read more

www.frsirt.com:
Rediff Bol Windows Address Book Information Disclosure Vulnerability. Read more

securitytracker.com:
OpenTTD Format String Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
[Vendor Disputes Original Description of Vulnerability] USB LOCK AP Uses Weak Password Encoding. Read more

securitytracker.com:
KDE kcheckpass Lock File Bug May Let Local Users Grab Root Privileges. Read more

securitytracker.com:
HP OpenView Event Correlation Services Input Validation Hole in 'ecscmg.ovpl' Lets Remote Users Execute Arbitrary Commands. Read more

www.securiteam.com:
Man2web CGI Command Execution. Read more

www.securiteam.com:
CUPS Dot-Slash DoS. Read more

www.securiteam.com:
Adobe Version Cue VCNative Privileges Escalation (Exploit). Read more

www.securiteam.com:
Adobe Version Cue VCNative Symlink Attack (Exploit). Read more

 

News
news.zdnet.com:
Bug hunters, software firms in uneasy alliance. Read more

software.silicon.com:
Yahoo! accused of hosting thousands of phishing sites. Read more

news.zdnet.co.uk:
Microsoft security chief bitten by rogue dialler. Read more

news.zdnet.co.uk:
Security worries holding back online banking. Read more

www.smh.com.au:
Yahoo! helped China jail journalist: claim. Read more

www.smh.com.au:
Korrr...ann! As trojan turns porn to sacred verse. Read more

www.technewsworld.com:
'Big Brother'-Like Monitoring Growing at Work. Read more

www.chron.com:
Ex-student sentenced in UT computer hacking case. Read more

www.theregister.co.uk:
Dutch ISPs sue government for wiretapping costs. Read more

software.silicon.com:
Fighting back against the phishers. Read more

www.theinquirer.net:
No one has really won the Kazaa victory. Read more

www.theregister.co.uk:
Skype honeypot snares dirty IMers. Read more

06 September 2005

Guides, Papers, etc
www.aa419.org:
List of 419 fake banks and lottery websites. Read more

www.gont.com.ar:
ICMP attacks against TCP. Read more

searchenginewatch.com:
Hacking Google Earth. Read more

www.computeractive.co.uk:
A close look at web browser security. Read more

www.informationweek.com:
Top 10 Mobile Device Privacy Policies. Read more

wwwcsif.cs.ucdavis.edu:
On Deriving Unknown Vulnerabilities from ZeroDay Polymorphic and Metamorphic Worm Exploits. Read more

www.infectionvectors.com:
Just in Time: Microsoft Time to Exploit 2 May - August 2005. Read more

www.infectionvectors.com:
Arrest-tob: Alleged Zotob Authors Captured. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting. Read more

rgod.altervista.org:
MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure. Read more

www.debian.org:
DSA-801-1 ntp -- programming error. Read more

www.infogreg.com:
Rediff Bol 7.0 exposes WAB (Windows Address Book) Contacts. Read more

 

News
www.theregister.co.uk:
'Islamic Trojan' disrupts smut surfing. Read more

www.zdnet.com.au:
Intel inside: Self-healing PCs. Read more

www.eweek.com:
Symantec Anti-Virus Tool Puts Server Passwords in Danger. Read more

www.eweek.com:
Vista Feature Protects Data from Reboots. Read more

news.bbc.co.uk:
Kazaa hit by file-sharing ruling. Read more

news.bbc.co.uk:
Money motive drove virus suspects. Read more

seattlepi.nwsource.com:
Is Google in danger of losing its quirky appeal? Read more

software.silicon.com:
Symbian resolute in face of mobile virus row. Read more

05 September 2005

Guides, Papers, etc
www.iis.sinica.edu.tw:
ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS'06). Read more

www.sans.org:
A Guide to Wardriving and Detecting Wardrivers. Read more

www.sans.org:
Windows XP: Surviving the First Day. Read more

www.informationweek.com:
Case Study: How One Bank Is Beating Fraud. Read more

dozleng.com:
3 important steps in creating a password. Read more

 

News
seattletimes.nwsource.com:
Microsoft plans to outsource more, says ex-worker. Read more

www.net4now.com:
Telewest to get new anti-virus technology. Read more

www.news-journalonline.com:
Officials: 16-year-olds hacked computer, changed grades. Read more

www.mozillazine.org:
Mozilla Firefox to Drop Support for SSL 2.0. Read more

mdn.mainichi-msn.co.jp:
Court rules file-swapping giant Kazaa breaches copyright in Australia. Read more

software.silicon.com:
Mobile phone viruses "massively over-hyped". Read more

www.iht.com:
Internet calling gets wider reception. Read more

news.bbc.co.uk:
Criminals to 'adapt to ID cards'. Read more

www.idm.net.au:
IIA aims to rid Australian desktops of spyware. Read more

04 September 2005

Guides, Papers, etc
www.post-gazette.com:
Gumshoe chases Internet villains in Eastern Europe.
Tracking down virus writers (including Benny from 29A). The main figure in the article is Peter Fifka, an ex-cop now working for Microsoft.
He's known in the industry as one of the best investigators in this field. Read more

www.time.com:
The Invasion Of The Chinese Cyberspies (And the Man Who Tried to Stop Them).
An exclusive look at how the hackers called TITAN RAIN are stealing U.S. secrets. Read more

astalavista.com:
Astalavista Group Security Newsletter Issue 19. Read more

www.identitytheftsecrets.com:
Identity Theft Secrets. Read more

www.computerworld.com:
Locking Down IM. Before you embrace instant messaging, be sure to address the risks. Read more

www.mcall.com:
Beware of hacker attacks at public Hotspots. Read more

www.crn.com.au:
How not to get hacked: Microsoft. Read more

www.ee.tamu.edu:
Detecting Traffic Anomalies through aggregate analysis of packet header data. Read more

 

Tools:
fail2ban.sourceforge.net:
Fail2Ban bans IP that makes too many password failures. Read more

www.cenzic.com:
Nessus Engine (Nessusd) Ported to Microsoft Windows. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
WebCalendar Include File Bug in 'includedir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Urban Game Buffer Overflows Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
MAXdev MD-Pro Input Validation Holes in 'dl-search' and 'wl-search' Permit Cross-Site Scripting Attacks. Read more

 

News
www.sci-tech-today.com:
Microsoft Launches Internet Crime Portal. Read more

www.globetechnology.com:
Teens charged with hacking. Read more

news.com.com:
Are cybercops browser-challenged? Read more

www.gadsdentimes.com:
Convicted Florida hacker's once lavish life now gone. Read more

informationweek.com:
VoIP Marks Latest Microsoft-Google Battleground. Read more

03 September 2005

Guides, Papers, etc
www.microsoft.com:
Anti-phishing White Paper. Read more

www.informationweek.com:
New Generation Of Anti-Spyware Targets Network Safety. Read more

www.securityfocus.com:
A new way to bypass Windows heap protections. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Squid sslConnectTimeout() State Error Lets Remote Users Crash Squid. Read more

securitytracker.com:
OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases. Read more

securitytracker.com:
SILC Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
FlatNuke BBCode Image Tags Let Remote Users Obtain Information About Target Users. Read more

securitytracker.com:
Indiatimes Messenger Can Be Crashed With Specially Crafted Scripting Code. Read more

securitytracker.com:
PolyGen World-Writable Object Files May Let Local Users Fill Up Disk Space. Read more

securitytracker.com:
Barracuda Spam Firewall 'img.pl' Discloses Files to Remote Users and Permits Command Execution. Read more

www.debian.org:
DSA-800-1 pcre3 -- integer overflow. Read more

www.debian.org:
DSA-799-1 webcalendar -- remote code execution. Read more

www.debian.org:
DSA-798-1 phpgroupware -- several vulnerabilities. Read more

www.debian.org:
DSA-797-1 zsync -- denial of service. Read more

www.debian.org:
DSA-796-1 affix -- remote command execution. Read more

www.debian.org:
DSA-795-2 proftpd -- potential code execution. Read more

www.debian.org:
DSA-794-1 polygen -- programming error. Read more

www.debian.org:
DSA-793-1 courier -- missing input sanitising. Read more

 

News
news.zdnet.co.uk:
Netsky number one again. Read more

www.theregister.co.uk:
Trusted Computing standards won't apply to Vista - Schneier. Read more

www.theonion.com:
Google Announces Plan To Destroy All Information It Can't Index. Read more

news.bbc.co.uk:
Mobiles get anti-virus protection. Read more

www.theregister.co.uk:
419-lite fraudsters target Camelot. Read more

www.local6.com:
Fla. Man Accused Of Fraud On Hurricane Internet Sites. Read more

www.internetnews.com:
Suckers For Spam. Read more

www.crn.com.au:
How not to get hacked: Microsoft. Read more

news.zdnet.co.uk:
Windows Firewall flaw fixed. Read more

www.internetnews.com:
Longhorn For Itanium: High-End Only. Read more

www.zwire.com:
Identity theft strikes fear in reporter. Read more

www.internetnews.com:
Yahoo Funding Spyware? Read more

www.theregister.co.uk:
Skype signs-up first mobile carrier. Read more

news.bbc.co.uk:
Microsoft plans telephone service. Read more

02 September 2005

Guides, Papers, etc
www.securityfocus.com:
Exploiting Cisco with FX. Read more

www.windowsecurity.com:
Pushing Out Security Settings that are Configured in the Registry. Read more

www.time.com:
The Invasion Of The Chinese Cyberspies (And the Man Who Tried to Stop Them). Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Novell NetMail IMAPD Command Continuation Request Heap Overflow. Read more

www.idefense.com:
3Com Network Supervisor Directory Traversal Vulnerability. Read more

securitytracker.com:
Reflection for Secure IT Multiple Bugs May Let Local Users Obtain Host Keys or Let Remote Users Access Certain Accounts or Systems. Read more

securitytracker.com:
Symantec Anti Virus Internal LiveUpdate Feature Discloses Passwords to Local Users. Read more

securitytracker.com:
Apache ssl_hook_Access() Function May Fail to Verify Client Certificates. Read more

securitytracker.com:
phpGroupWare Main Screen Message Lets Remote Authenticated Administrators Inject HTML Code. Read more

securitytracker.com:
SlimFTPd USER and PASS Commands Let Remote Users Deny Service. Read more

securitytracker.com:
DameWare Mini Remote Control Buffer Overflow in 'username' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Firewall User Interface May Not Properly Display Exception Rules. Read more

www.securiteam.com:
phpLDAPadmin Command Execution (Exploit). Read more

www.securiteam.com:
SimpleProxy Local Format String (Exploit). Read more

 

News
software.silicon.com:
Windows Firewall flaw causes port hazard. Read more

www.zdnet.com.au:
Symantec probes report of antivirus flaw. Read more

www.zdnet.com.au:
Microsoft makes Unix changes. Read more

www.zdnet.com.au:
Microsoft unveils Freeze Dry for Windows Vista. Read more

www.benedelman.org:
How Yahoo Funds Spyware. Read more

www.f-secure.com:
"Hurricane Katrina" spam message downloads trojans. Read more

www.theregister.co.uk:
DVD Jon hacks Media Player file encryption. Read more

www.theregister.co.uk:
US-only trials for MS anti-phishing toolbar. Read more

www.theregister.co.uk:
MyTob and NetSky-P dominate August viral charts. Read more

star-techcentral.com:
Games hackers play. Read more

www.fcw.com:
Army to better monitor blogs, Web sites. Read more

www.zdnet.com.au:
Microsoft claims secure development success. Read more

www.wired.com:
Never Forget Another Password. Read more

www.theregister.co.uk:
Creative MP3 players ship with virus. Read more

www.wired.com:
Flood Waters Can't Sink Net Link. Read more

www.wired.com:
Craigslist Versus Katrina. Read more

01 September 2005

Trojan News August

 

Guides, Papers, etc
www.globetechnology.com:
The truth about security. Read more

www.windowsecurity.com:
Packet analysis tools and methodology (Part 1). Read more

informationweek.com:
Analysis: Microsoft Moves Deeper Into VoIP. Read more

www.timesonline.co.uk:
Should possession of violent pornography be a criminal offence? Read more

 

Tools:
addins.msn.com:
Microsoft Phishing Filter Add-in for MSN Search Toolbar (Beta). Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
Flatnuke 2.5.6 enENa2 (possibly prior versions) user IP address / information disclosure. Read more

www.debian.org:
DSA-792-1 pstotext -- missing input sanitising. Read more

www.debian.org:
DSA-791-1 maildrop -- missing privilege release. Read more

www.debian.org:
DSA-790-1 phpldapadmin -- programming error. Read more

secway.org:
BNBT EasyTracker Remote Denial of Service Vulnerability. Read more

securitytracker.com:
SMF Avatar Image Implementation Lets Remote Users Obtain Information About Target Users. Read more

securitytracker.com:
DownFile Grants Administrative Access to Remote Users and Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service. Read more

securitytracker.com:
Maildrop Lets Local Users Execute Arbitrary Programs with Elevated Privileges. Read more

securitytracker.com:
FlatNuke 'id' Parameter Discloses Files to Remote Users and Other Bugs Permit Cross-Site Scripting and Denial of Service Attacks. Read more

securitytracker.com:
BNBT EasyTracker Can Be Crashed By Remote Users. Read more

 

News
www.securityfocus.com:
Hidden-code flaw in Windows renews worries over stealthy malware. Read more

software.silicon.com:
Microsoft's anti-phishing filter makes beta debut. Read more

www.pcmag.com:
Creative MP3 Players Shipped With Windows Virus. Read more

www.vnunet.com:
Cyber-cops arrest 16 more Zotob suspects. Read more

news.com.com:
F-Secure: Commwarrior claims first big victim. Read more

news.com.com:
New Microsoft portal will help cops. Read more

www.theregister.co.uk:
HP warns over OpenView flaw. Read more

news.com.com:
Alternative browsers pose challenge for cybersleuths. Read more

www.tomshardware.com:
Microsoft unexpectedly releases WinFS into Beta 1 cycle. Read more

www.vnunet.com:
Ignorance increases online risks for users. Read more

www.fcw.com:
Companies faulted for shipping flawed software. Read more

www.zdnet.com.au:
Fake Yahoo site phishes for identities. Read more

news.com.com:
Man faces new charges in ChoicePoint ID theft. Read more

software.silicon.com:
'Track your lover' spyware seller and customers indicted. Read more

www.theinquirer.net:
Microsoft tightens video content security. Read more

www.montereyherald.com:
Cyber police gather at Hyatt. Read more

www.vnunet.com:
US tests $3.5m computerised lie detector. Read more

today.reuters.com:
Recording industry sues more U.S. file-swappers. Read more

www.internetnews.com:
L.A. Cracks Internet Warez Ring. Read more

www.theregister.co.uk:
NY subway perv busted by mobe snap. Read more


Copyright © MegaSecurity.org