News October 2005
31 October 2005

Guides, Papers, etc
moneycentral.msn.com:
22 ways to foil credit card thieves. Read more

nwc.securitypipeline.com:
IT Security In China Shows Cracks. Read more

www.infectionvectors.com:
Shoot the Messenger: IM Worms. Read more

www.redherring.com:
Blue Security Spams Spammers. Read more

www.eweek.com:
Shutting Down the Highway to Internet Hell. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability. Read more

 

News
news.zdnet.co.uk:
Zombie masters hunted down. Read more

news.bbc.co.uk:
Campaign to combat 'cyber crime'. Read more

www.dw-world.de:
Internet Fraud Costs Europe Millions. Read more

www.thenewstribune.com:
Banks fight online fraud. Read more

www.informationweek.com:
Rootkit-Armed Worm Attacking AIM. Read more

pittsburghlive.com:
No longer lost in translation. Read more

news.com.com:
Google wants to dominate Madison Avenue, too. Read more

www.esecurityplanet.com:
SMBs Getting Hammered by New Threats. Read more

today.reuters.co.uk:
"Sophisticated" eBay fraudsters jailed in Britain. Read more

www.networkworld.com:
Bring on the wireless apps, users tell WiMAX World. Read more

www.vnunet.com:
IBM signs up for Google Desktop Search. Read more

cooltech.iafrica.com:
Supercomputer beats own record. Read more

www.m-travel.com:
Google introduces a new search feature. Read more

29 October 2005

Guides, Papers, etc
rfidanalysis.or:
Security Analysis of a Cryptographically-Enabled RFID Device. Read more

www.securiteam.com:
How-To: Hack NetStumbler to Enable Wireless Zero Configuration. Read more

www.vnunet.com:
Exclusive vnunet.com interview: Carrot and stick approach to internet safety. Read more

www-users.cs.umn.edu:
Worms: Taxonomy and Detection. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-878-1 netpbm-free -- buffer overflow. Read more

www.debian.org:
DSA-877-1 gnump3d -- cross-site scripting, directory traversal. Read more

 

News
seattlepi.nwsource.com:
Microsoft targets 'zombie' spam network. Read more

www.securityfocus.com:
Spam zombie, meet the Microsoft legal team. Read more

www.securityfocus.com:
U.S. makes securing SCADA systems a priority. Read more

www.channelregister.co.uk:
Microsoft warns that Korea may have to do without Windows. Read more

news.zdnet.com:
AIM worm plays nasty new trick. Read more

management.silicon.com:
Exclusive: The cost of joining Get Safe Online. Read more

news.bbc.co.uk:
US internet use rises as do fears. Read more

www.technewsworld.com:
Tough State Laws Won't Stop 'Phishing' Scams, Experts Say. Read more

www.latimes.com:
Hijacker of 'Sex.com' Is Arrested. Read more

28 October 2005

Guides, Papers, etc
www.antispywarecoalition.org:
Anti-Spyware Coalition Risk Model Description. Read more

www.irishdev.com:
Stopping Zombies Before They Attack. Read more

www.windowsecurity.com:
Delegating Group Policy Privilege using the GPMC. Read more

www.pcworld.com:
Privacy Watch: Who's Your Software Talking To? Read more

news.com.com:
FAQ: Identity fraud uncovered. Read more

www.securitypipeline.com:
10 Security Myths That Need To Be Put To Rest. Read more

www.sans.org:
An Assessment of the Oracle Password Hashing Algorithm. Read more

www.eweek.com:
By Larry Seltzer. Who's Getting Rich in the .Com Market? Read more

news.com.com:
Photos. Supercomputers ready for work. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PAM with SELinux Lets Local Users Invoke unix_chkpwd to Conduct Password Guessing Attacks. Read more

securitytracker.com:
Mantis Include File in 't_core_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-876-1 lynx-ssl -- buffer overflow. Read more

www.debian.org:
DSA-875-1 openssl094 -- cryptographic weakness. Read more

www.debian.org:
DSA-874-1 lynx -- buffer overflow. Read more

 

News
www.securitypipeline.com:
Microsoft Hunts For Zombie Spammers. Read more

www.vnunet.com:
Microsoft takes on spamming botnets. Read more

www.computerworld.com.au:
Microsoft outlines Explorer 7 security changes. Read more

www.smh.com.au:
Online banking syndicate cracked. Read more

www.theregister.co.uk:
Malware authors unleash bird flu-themed Trojan. Read more

www.techweb.com:
Summer's Zotob Attack Cost Companies $100K Each In Clean-Up. Read more

news.bbc.co.uk:
Microsoft aims to trounce Google. Read more

www.theregister.co.uk:
Gates pitches child protection tech to French. Read more

today.reuters.com:
Microsoft threatens to withdraw Windows in S.Korea. Read more

news.com.com:
Microsoft's 'big bang' could be its last. Read more

www.computerworld.com:
Judge questions Microsoft project delays. Read more

www.washingtonpost.com:
New Rules On Internet Wiretapping Challenged. Read more

software.silicon.com:
Oracle password system under fire. Read more

news.zdnet.com:
Motorola, Intel team on mobile WiMax. Read more

27 October 2005

Guides, Papers, etc
www.ifs.tuwien.ac.at:
ARES 2006. The First International Conference on Availability, Reliability and Security. Read more

www.windowsecurity.com:
Shells for Sale! (Part 1). Read more

www.insecuremagazine.com:
(IN)SECURE Magazine 1.3. Read more

www.skype.com:
SKYPE SECURITY EVALUATION. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
libgda2 Format String Bugs May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
gCards 'news.php' Input Validation Error in 'limit' Parameter May Permit SQL Injection Attacks. Read more

securitytracker.com:
RSA ACE/Agent for Web Input Validation Error in 'image' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Snoopy Input Validation Hole in _httpsrequest() Lets Remote Execute Arbitrary Commands. Read more

www.skype.net:
SKYPE-SB/2005-003: Heap overflow in networking routine. Read more

www.debian.org:
DSA-873-1 net-snmp -- programming error. Read more

www.debian.org:
DSA-872-1 koffice -- buffer overflow. Read more

www.sven-tantau.de:
chmlib exploitable buffer overflow. Read more

 

News
news.bbc.co.uk:
Net users told to get safe online. Read more

cgi.ebay.com:
Gates for Sale on eBay. Read more

www.vnunet.com:
Skype fixes three critical flaws. Read more

news.bbc.co.uk:
Keeping net users safe from harm. Read more

loosewire.typepad.com:
ZoneAlarm's Sneaky Spyware Scare? Read more

news.bbc.co.uk:
Microsoft joins book search plan. Read more

today.reuters.com:
Gates foresees Chinese, Indian competitors. Read more

www.terra.net.lb:
Gates hails Israel's hi-tech know-how. Read more

www.betanews.com:
Gates: Microsoft Not Afraid of Google. Read more

www.zdnet.com.au:
Microsoft adds to OneCare security beta. Read more

www.commsdesign.com:
Microsoft, Nokia team on security appliance. Read more

www.securityfocus.com:
Web defacer sentenced, facing deportation. Read more

www.securityfocus.com:
DNS trust issues. Read more

www.theregister.co.uk:
Cyber-cafe owner arrested for turfing out 419 fraud. Read more

26 October 2005

Guides, Papers, etc
www.securityelf.org:
The Magic of magic byte. Read more

www.voipsa.org:
VoIP Security and Privacy Threat Taxonomy. Read more

www.securityfocus.com:
VoIP security threats defined. Read more

www.securityfocus.com:
Exploit published for Snort open-source IDS. Read more

www.betanews.com:
Chasing Vulnerabilities for Fun and Profit. Read more

www.newsfactor.com:
Are You Ready To Be Hacked? Read more

en.wikiquote.org:
Bill Gates. Read more

Software Misuse: from malicious actions to mind control. Read more

www.mikeindustries.com:
How to Snatch an Expiring Domain. Read more

www.cl.cam.ac.uk:
Phantom withdrawals, on-line resources for victims of ATM fraud. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
New Skype vulnerabilities. Read more

securitytracker.com:
Network Appliance Data ONTAP iSCSI Security Controls Can Be Bypassed. Read more

securitytracker.com:
PHP iCalendar Input Validation Holes Permit Remote Code Execution and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Internet Explorer J2SE Runtime Environment Bug Lets Remote Users Crash the Target User's Browser. Read more

securitytracker.com:
ar-blog Bugs Let Remote Users Bypass Authentication or Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
SCO OpenServer Buffer Overflow in authsh and backupsh Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
SCO UnixWare Buffer Overflow in ppp Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Symantec Discovery Creates Database Accounts Without Passwords. Read more

securitytracker.com:
BMC CONTROL-M Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
DBoardGear Input Validation Bugs in 'buddy.php' and 'u2u.php' May Permit SQL Injection Attacks. Read more

www.debian.org:
DSA-871-1 libgda2 -- format string. Read more

www.debian.org:
DSA-870-1 sudo -- missing input sanitising. Read more

 

News
www.theregister.co.uk:
MS adopts stronger encryption for IE7. Read more

www.theregister.co.uk:
Scramble to fix Skype security bug. Read more

www.theregister.co.uk:
VoIP security framework erected. Read more

www.computerworld.com.au:
MessageLabs Survey Finds Spyware No.1 Web Security Issue for Australian Businesses. Read more

www.eweek.com:
Windows OneCare Refresh Adds MSN Messenger Scanning. Read more

www.net-security.org:
12 Months of Progress for the Microsoft Security Response Centre. Read more

www.techworld.com:
Cisco security head defends recent bug alerts. Read more

www.infoworld.com:
Microsoft security initiative in Germany moves forward. Read more

www.securitypark.co.uk:
Increasing demand for high quality security professionals. Read more

www.alpha.gr:
Alpha Bank. Fraud e-mail messages - Important announcement. Read more

www.finextra.com:
Phishers target Nordea's one-time password system. Read more

ww.sophos.com:
Sophos issues health warning after spammers peddle drugs to combat bird flu. Read more

www.betanews.com:
Microsoft Refreshes OneCare Beta. Read more

today.reuters.co.uk:
Skype adds new service as growth accelerates. Read more

www.redherring.com:
Google May Take on eBay. Read more

www.betanews.com:
Google to Offer Giant Web Database. Read more

25 October 2005

Guides, Papers, etc
dns.measurement-factory.com:
DOMAIN NAME SERVERS: PERVASIVE AND CRITICAL, YET OFTEN OVERLOOKED. Read more

blogs.msdn.com:
Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2. Read more

www.rootkit.com:
KEEPING BLIZZARD HONEST - Announcing the release of 'The Governor'. Read more

www.securityfocus.com:
The click-wrap conundrum. Read more

australianit.news.com.au:
Inside hackers' kindergarten. Read more

www.latimes.com:
Cyber scammers in Nigeria: 'I Will Eat Your Dollars'. Read more

www.bitdefender.com:
BitDefender's bug hunting contest is underway, and will reward the most prolific beta tester with 1000 German beers and a trip to Romania. Read more

www.itarchitect.com:
Strategies & Issues: Honeypots - Sticking It to Hackers. Read more

The Philippine Honeynet Project
Honeypots 101: A Brief History of Honeypots. Read more
Honeypots 101: Risks and Disadvantages. Read more
Honeypots 101: What's in it for me? Read more

www.cse.msu.edu:
Can a Network be Protected from Single-Packet Warhol Worms? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
MWChat Input Validation Hole in 'Username' Permits SQL Injection Attacks. Read more

securitytracker.com:
Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service. Read more

securitytracker.com:
phpMyAdmin 'grab_globals.php' Lets Remote Users Include and Execute Local Files. Read more

securitytracker.com:
ZipGenius Buffer Overflows in Processing ACE and ZIP Archives and UUE Encoded Files Let Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Most DNS servers 'wide open' to attack. Read more

www.theregister.co.uk:
Virus writers craft PnP botnet client. Read more

www.securityfocus.com:
Software hack reveals online game maker's "spying". Read more

www.theregister.co.uk:
Flaw finders score loyalty rewards from iDefense. Read more

www.mb.com.ph:
The hacker as terrorist? Read more

management.silicon.com:
We need UN body to combat cyber crime, says MP. Read more

www.theregister.co.uk:
Met police hooks up with commonwealth to fight cybercrime. Read more

www.vnunet.com:
US agency to locate surfers by IP address. Read more

news.zdnet.co.uk:
Mobile adult sites face hacking threats. Read more

www.theregister.co.uk:
VMware sets partitioning software free . . . as in beer. Read more

www.redherring.com:
Iran Tightens Web Filters. Read more

www.redherring.com:
Yahoo's Big Content Adventure. Read more

24 October 2005

Guides, Papers, etc
blog.outer-court.com:
A chat with the guy behind the recent MySpace XSS worm. Read more

www.windowsecurity.com:
New Security Features in IE 7.0. Read more

today.reuters.com:
More lawmakers back U.S. control of Internet. Read more

www.redherring.com:
Cashing In on Cyber Crime. Read more

www.telegraphindia.com:
Dangers of phishing and pharming. Read more

www.cs.berkeley.edu:
Semi-Supervised Learning on Email Characteristics for Novel Worm Detection. Read more

astalavista.com:
Anti-honeypot technology. Read more

astalavista.com:
Cloaking and Redirection: A Preliminary Study. Read more

googleblog.blogspot.com:
The point of Google Print. Read more

 

Vulnerabilities & Exploits
secunia.com:
ZipGenius Multiple Archive Handling Buffer Overflow. Read more

 

News
www.itnews.com.au:
Microsoft clarifies second critical Windows 2000 patch. Read more

software.silicon.com:
We need UN body to combat cyber crime, says MP. Read more

www.iht.com:
Universities balk at computer security rules. Read more

www.technewsworld.com:
Cybercrime Being Fought in New Ways. Read more

www.newsday.com:
Cyber crime grows up. Read more

www.pcworld.com:
School Traps Infected PCs. Read more

blogs.msdn.com:
Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2. Read more

news.com.com:
Intel chip glut may bring holiday cheer to PC buyers. Read more

news.com.com:
Publishers to build own online book network. Read more

22 October 2005

Guides, Papers, etc
www.microsoft.com:
The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2). Read more

support.microsoft.com:
The computer may not be updated after you install the "Security Update for DirectX 7.0 for Windows 2000 (KB904706)" on a Windows 2000-based computer that is running DirectX 8 or DirectX 9. Read more

Rootkits. Hide'n Seek revisited - Full stealth is back. Read more

www.windowsecurity.com:
Robot Wars - How Botnets Work. Read more

www.esecurityplanet.com:
Gambling, Porn in Workplace Breed Spyware. Read more

news.com.com:
Ballmer: Trusting Vista, battling Google. Read more

www.theregister.co.uk:
How ATM fraud nearly brought down British banking. Read more

www.computerworld.com:
Guard against Titan Rain hackers. Read more

www.eweek.com:
By Larry Seltzer. A Bad Week for Patch QA. Read more

wired.com:
Creating the Global Hot Spot. Read more

www.electricnews.net:
Virus writers motivated by money: expert. Read more

www.betadot.com:
Linux Vs. Windows Security: How About The Truth? Read more

www.silicon.com:
Leader: Why teach students malware techniques? Read more

www.silicon.com:
'Nigerian' money scam: What happens when you reply? Read more

www.washingtonpost.com:
Bypassing the Password Prompt. Read more

www.forbes.com:
Talent Wars. Read more

 

Tools:
Flock Browser Takes Flight
New "social browser" has "web 2.0" functions built in, allowing users to blog, share photos, and bookmark. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
eBASEweb Input Validation Flaw Permits SQL Injection Attacks. Read more

securitytracker.com:
Zomplog Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
TikiWiki Unspecified Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

 

News
news.zdnet.com:
Exploit out for Zotob-like Windows flaw. Read more

www.technewsworld.com:
Former Intermix CEO Settles Spyware Case. Read more

www.theregister.co.uk:
Two get death sentence for cybercafe fire. Read more

www.esecurityplanet.com:
Snort's Intrusion System Blows a Hole. Read more

www.redherring.com:
What Google Must Do. Former Netscape executives recommend the search engine avoid angering Microsoft. Read more

www.smh.com.au:
Microsoft recants exclusive music deals. Read more

www.betanews.com:
Microsoft Music Deals Raise Questions. Read more

www.macworld.com:
Microsoft backs off on music player contracts. Read more

www.earthtimes.org:
Microsoft's patchy times continue to the ennui of users. Read more

www.theregister.co.uk:
Hunt for Swedish file sharers steps up. Read more

21 October 2005

Guides, Papers, etc
www.securityfocus.com:
Evolution of Web-based worms. Read more

palisade.paladion.net:
Stealing passwords via browser refresh. Read more

sunbeltblog.blogspot.com:
Misleading dialog box of the day. Read more

sunbeltblog.blogspot.com:
Adware community cackles with glee. Read more

www.computerworld.com:
Guard against Titan Rain hackers. Read more

www.esecurityplanet.com:
Email Security: How Much is Enough? Read more

blogs.washingtonpost.com:
Why You Need to Guard Your Computer. Read more

wired.com:
Sue Companies, Not Coders. Read more

wired.com:
Furor Grows Over Internet Bugging. Read more

 

Tools:
www.betanews.com:
VMware Ships Free Virtual Machine App. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation. Read more

www.debian.org:
DSA-869-1 eric -- missing input sanitising. Read more

www.debian.org:
DSA-868-1 mozilla-thunderbird -- several vulnerabilities. Read more

www.debian.org:
DSA-867-1 module-assistant -- insecure temporary file. Read more

securitytracker.com:
BMV Buffer Overflow in openpsfile() Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Squid rfc1738_do_escape() FTP Server Response Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Norton Anti-Virus for Macintosh DiskMountNotify Execution Path Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Symantec LiveUpdate Java Interface Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Ethereal Bugs in Multiple Dissectors Let Remote Users Execute Arbitrary Code or Cause Denial of Service Conditions. Read more

securitytracker.com:
Cisco 11500 Content Services Switch Lets Remote Users Deny Service With Malformed SSL Client Certificates. Read more

securitytracker.com:
PHP-Nuke Input Validation Errors in 'modules.php' Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Xerver Bugs Let Remote Users View Index Directory Listings, Obtain Script Source Code, and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
NetFlow Analyzer Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com:
Dutch bot-net suspects infected 1.5 million PCs, officials say. Read more

www.vnunet.com:
Botnet operation controlled 1.5m PCs. Read more

news.bbc.co.uk:
Spyware 'rampant' in UK computers. Read more

www.betanews.com:
Microsoft to Offer Education Grants. Read more

www.securitypipeline.com:
Internet Fraud, Deception Targeted By N.Y. Attorney General. Read more

www.theregister.co.uk:
Webroot guesstimates inflate UK spyware problem. Read more

www.theregister.co.uk:
O2 pushes ahead with super-fast mobile service. Read more

www.techweb.com:
Hackers, Scammers Hide Malicious JavaScript On Web Sites. Read more

www.smh.com.au:
Intermix man settles spyware suit. Read more

news.bbc.co.uk:
Ads fuel soaring Google profits. Read more

news.bbc.co.uk:
Has the Google juggernaut got a roadmap? Read more

www.informationweek.com:
Google To Blame For Spam-Related Blog Entries, Some Say. Read more

news.bbc.co.uk:
Wi-fi cities spark hotspot debate. Read more

news.com.com:
Scientology spoof site has its own cult following. Read more

20 October 2005

Guides, Papers, etc
www.out-law.com:
OUT-LAW Phishing Conference. Read more

www.argeniss.com:
Story of a dumb patch. Read more

www.eweek.com:
By Larry Seltzer: Only Suckers Renew. Read more

www.securityfocus.com:
Snort vulnerability "wormable" but not widespread. Read more

software.silicon.com:
Hackers to attack VoIP in two years. Read more

software.silicon.com:
Should security companies be regulated? Read more

www.securityfocus.com:
Two-factor banking. Read more

www.windowsitpro.com:
Secure Your Wireless Network. Read more

 

Tools:
www.deviceforge.com:
Cellphones learn to recognize their owners' faces. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-866-1 mozilla -- several vulnerabilities. Read more

securitytracker.com:
MySource Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Oracle Database and Application Server Have Multiple Unspecified Vulnerabilities With Unspecified Impact. Read more

securitytracker.com:
Xloadimage Buffer Overflows in Processing NIFF Format Files Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Netpbm Buffer Overflow in 'pnmtopng' May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Snort Buffer Overflow in Back Orifice Preprocessor Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
IIS RSA WebAgent Redirect Buffer Overflow Exploit. Read more

www.securiteam.com:
Microsoft Windows Network Connection Manager Local DoS (Exploit, MS05-045). Read more

 

News
news.zdnet.co.uk:
Keep Internet out of UN control, says US. Read more

www.vnunet.com:
Rootkit creators turn professional. Read more

bink.nu:
Microsoft Security Bulletin Minor Revisions. Read more

www.eweek.com:
Microsoft Consults Ethical Hackers at Blue Hat. Read more

news.zdnet.co.uk:
Microsoft: Africa doesn't need free software. Read more

news.bbc.co.uk:
Wi-fi cities spark hotspot debate. Read more

wired.com:
Cities Unleash Free Wi-Fi. Read more

www.cio-today.com:
New Plans To Safeguard LANs. Read more

news.bbc.co.uk:
Broadband net goes stratospheric. Read more

www.theregister.co.uk:
Snort plugs Back Orifice as Oracle issues mega-fix. Read more

www.theregister.co.uk:
Bruce Schneier talks cyber law. Read more

news.com.com:
Kerio to scrap desktop firewall. Read more

www.technewsworld.com:
Google Targeted in 'Splogging' Attacks. Read more

news.bbc.co.uk:
Google is sued by book publishers. Read more

news.zdnet.com:
Schools get tailored cyberattack data. Read more

19 October 2005

Guides, Papers, etc
www.auug.org.au:
AUUG 2005. The Conference for Unix, Linux and Open Source Professionals. Read more

software.silicon.com:
Criminal IT: Unlocking the power of computer crime evidence. Read more

www.fraudlabs.com:
10 Measures to Reduce Credit Card Fraud for Internet Merchants. Read more

wiki.ccert.edu.cn:
Active Technologies to Contain Internet Worm. Read more

searchopensource.techtarget.com:
Stopping Linux desktop adoption sabotage. Read more

www.technewsworld.com:
Codes Make Printers Stool Pigeons. Read more

 

Tools:
www.betanews.com:
Microsoft Research Ships Wi-Fi Tool. Read more

 

Vulnerabilities & Exploits
www.us-cert.gov:
Snort Back Orifice Preprocessor Buffer Overflow. Read more

xforce.iss.net:
Snort Back Orifice Parsing Remote Code Execution. Read more

securitytracker.com:
e107 Input Validation Hole in 'resetcore.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Flexbackup Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Opera HTML Parsing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Lynx Buffer Overflow in HTrjis() in Processing NNTP Headers Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.itweb.co.za:
Costly virus damage. Read more

www.auug.org.au:
AUUG 2005: DRM and wiretapping huge threats to cyber freedom. Read more

www.vnunet.com:
Skype spoof hides IRCbot Trojan. Read more

www.technewsworld.com:
Malware Writers Exploit Skype Hype. Read more

www.eweek.com:
Microsoft Bakes Windows AntiSpyware into Vista. Read more

www.csmonitor.com:
Want to check your e-mail in Italy? Bring your passport. Read more

www.theregister.co.uk:
Security pros win out in office politics. Read more

www.silicon.com:
Microsoft warns ID cards pose massive security risk. Read more

news.com.com:
Security flaw touches Windows Media Player, IE. Read more

www.theregister.co.uk:
Old dog VMware learns new server partitioning tricks. Read more

www.wired.com:
India: Google Maps Too Graphic. Read more

www.theregister.co.uk:
Say hello to the Skype Trojan. Read more

www.fcw.com:
Davidson: Lessons of warfare for IT security. Read more

news.bbc.co.uk:
Up in the air. Read more

www.wired.com:
'4G' Leapfrogs Next-Gen Wireless. Read more

news.bbc.co.uk:
Nintendo in McDonald's wi-fi deal. Read more

www.wired.com:
DVD Jon Lands Dream Job Stateside. Read more

18 October 2005

Guides, Papers, etc
www.benedelman.org:
Claria Shows Ads Through Exploit-Delivered Popups. Read more

www.eweek.com:
As Threats Evolve, Defenses Must Adapt. Read more

www.theregister.co.uk:
Google Earth: the black helicopters have landed. Read more

techrepublic.com.com:
Photo Gallery: Installing the Vista beta. Read more

evilscientists.de:
Cisco Password Encryption reversed. Read more

antiphishing.org:
Phishing Activity Trends Report August, 2005. Read more

www.vnunet.com:
The hackers who can put your IT security to the test. Read more

www1.cs.columbia.edu:
A Cooperative Immunization System for an Untrusting Internet. Read more

wired.com:
Spyware: What You Need to Know. Read more

 

Vulnerabilities & Exploits
www.zataz.net:
flexbackup default config insecure temporary file creation. Read more

securitytracker.com:
MailSite Express Lets Remote Users Upload Scripting Files and Execute Them. Read more

securitytracker.com:
Sun Solaris chdir() Null Pointer Dereference Lets Local Users Deny Service. Read more

 

News
news.com.com:
Trojan masquerades as Skype update. Read more

news.com.com:
Windows patch backfires on the security-minded. Read more

www.securityfocus.com:
Windows patch + ACL = Trouble. Read more

news.zdnet.com:
Cisco extends NAC security to switches. Read more

news.com.com:
Samy opens new front in worm war. Read more

news.zdnet.co.uk:
Online banking security standard 'by the end of 2005'. Read more

news.bbc.co.uk:
Gates cheers on computer museum. Read more

www.smh.com.au:
NY spammer sentenced in closed session. Read more

news.yahoo.com:
Google Offers Glimpse at Data Collection. Read more

news.com.com:
Google widens book search effort in Europe. Read more

www.internetweek.com:
Scammers Dupe Online Daters for Millions Of Dollars. Read more

www.theregister.co.uk:
Millions of UK households at risk of ID theft. Read more

www.theregister.co.uk:
Web 2.0 worm downs MySpace. Read more

www.pcworld.com:
Intel Slashes PC Power-up Time. Read more

news.bbc.co.uk:
Wanadoo ups basic broadband speed. Read more

news.bbc.co.uk:
Copyright for the digital age. Read more

17 October 2005

Guides, Papers, etc
www.whitedust.net:
Interview with NMAP Creator Fyodor. Read more

www.opensolaris.org:
A Comparison of Solaris, Linux, and FreeBSD Kernels. Read more

www.signonsandiego.com:
Tracking mobile phones for real-time traffic data. Read more

www.zdnet.com.au:
Wireless crackdown. Read more

www.zdnet.com.au:
Wireless security: Pringles peril. Read more

www.webpronews.com:
When In Hacker Doubt, Have A Burrito. Read more

archives.neohapsis.com:
MSDTC. [Dailydave] sky != falling. Read more

www.sensepost.com:
The very informal guide to understand what BiDiBLAH actually does. Read more

business.scotsman.com:
VoIP - the internet phone revolution. Read more

pb.specialised.info:
Exploiting Windows Device Drivers. Read more

 

Tools:
www.terra.net.lb:
Samsung launches cell phone with 3-gigabyte memory. Read more

 

News
www.boston.com:
Don't give UN control over Internet. Read more

nwc.networkingpipeline.com:
Newest Mobile Devices Are Latest Threat To Network Security. Read more

www.zdnet.com.au:
Web sites threatened by Samy worm. Read more

www.detnews.com:
FBI puts stop to spam king. Read more

www.wired.com:
Wi-Fi Cloud Covers Rural Oregon. Read more

www.vnunet.com:
Microsoft to spark desktop security software price war. Read more

www.computerworld.com:
Microsoft patch problematic for some, security firm says. Read more

news.zdnet.com:
Phishing fight may be paying off. Read more

blog.outer-court.com:
How to Make 1 Million Friends on MySpace. Read more

news.bbc.co.uk:
UK 'lax' over identity theft. Read more

www.technewsworld.com:
Venture Capital Flows to Firms Targeting ID Theft. Read more

www.int.iol.co.za:
Top gamers caught cheating at cybergames. Read more

16 October 2005

Guides, Papers, etc
www.int.iol.co.za:
Forget about forgetting your passwords. Read more

www.informationweek.com:
IT Confidential: Would You Like Spyware With That? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IBM AIX lscfg Command May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Gallery Input Validation Bug in Processing Internal Cache Files Lets Remote Users Traverse the Directory. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Minor Revision. Read more

www.tgdaily.com:
Microsoft exec warns of 'fake' XP update. Read more

www.itp.net:
Jailed hackers prove crime does not pay. Read more

google.weblogsinc.com:
O'Reilly Google Hacks Code Online. Read more

msmvps.com:
Trend Micro Study Reveals Spyware Encounters Are Increasing at Work. Read more

www.int.iol.co.za:
MS supports development of Eskimo language. Read more

software.silicon.com:
Leader: The beginning of the end for 419 scams? Read more

www.smh.com.au:
101 held for 'obscene' net activity. Read more

15 October 2005

Guides, Papers, etc
www.securityfocus.com:
Worm worries don't wait for Windows exploits. Read more

news.com.com:
Time for a real Internet highway. Read more

www.it-observer.com:
Behind the Scams--How to Follow the Clues at an Internet Crime Scene. Read more

net-security.org:
Insider Security Threats Q&A. Read more

arachnid.homeip.net:
Bots and botnets - risks, issues and prevention. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Solaris SCTP Socket Option Processing Bugs Let Local Users Deny Service. Read more

securitytracker.com:
Hitachi TP1 Lets Remote Users Deny Service. Read more

securitytracker.com:
cURL/libcurl Buffer Overflow in Processing NTLM Authentication Values May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
wget Buffer Overflow in Processing NTLM Authentication Values May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
XMail Buffer Overflow in AddressFromAtPtr() May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Complete PHP Counter Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

 

News
www.technewsworld.com:
Viruses Increasingly Infecting Enterprise Networks Via IM. Read more

news.zdnet.com:
Critical Windows patch may wreak PC havoc. Read more

www.usatoday.com:
Spyware can constitute illegal trespass on home computers. Read more

www.schneier.com:
Blizzard Entertainment Uses Spyware to Verify EULA Compliance. Read more

news.zdnet.com:
Nigeria enlists Microsoft to fight spam scammers. Read more

news.zdnet.com:
Phishing fight may be paying off. Read more

www.theregister.co.uk:
US cybersecurity all at sea. Read more

aawsat.com:
Infamous Al-Qaeda Bloggers Nationalities Revealed. Read more

news.zdnet.com:
Al-Qaida proving elusive on the Net. Read more

www.techworld.com:
Symantec to unleash 'Big Brother' on the world. Read more

seattlepi.nwsource.com:
Gates talks about a future with even easier communication. Read more

news.com.com:
Gates to students: Microsoft wants you. Read more

www.informationweek.com:
Massachusetts Hits "Internet Spam Gang" With $37 Million Fine. Read more

software.silicon.com:
Veritas issues another security flaw warning. Read more

www.vnunet.com:
Lloyds TSB trials token-based security device. Read more

news.bbc.co.uk:
Hollywood pursues fake film sites. Read more

14 October 2005

Guides, Papers, etc
cyber.law.harvard.edu:
Empirical Analysis of Internet Filtering in China. Read more

www.bangkokpost.com:
Big Brother decides what you see in Burma. Read more

www.rootkit.com:
4.5 million copies of EULA-compliant spyware. Read more

forums.worldofwarcraft.com:
WoW is Spyware author = Bot Coder/Hacker!!! Read more

www.securityfocus.com:
ICANN on center stage. Read more

www.windowsecurity.com:
Changing Passwords for Key User Accounts. Read more

www.unixreview.com:
Computer Security, It's Not About the Software. Read more

www.biosmagazine.co.uk:
Cybercrime Wars. Read more

internet.newsforge.com:
How to keep instant messaging off the record. Read more

ww.cs.vu.nl:
SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots. Read more

www.informationweek.com:
Analysis: Microsoft, Yahoo Alliance Takes Aim At IM Competition. Read more

telephonyonline.com:
Why security is the key to wireless profitability. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Collaboration Data Objects Buffer Overflow PoC Exploit (MS05-048). Read more

www.frsirt.com:
Microsoft Windows Network Connection Manager Local DoS Exploit (MS05-045). Read more

www.frsirt.com:
Microsoft Windows FTP Client File Transfer Location Tampering Exploit. Read more

www.idefense.com:
Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability. Read more

www.idefense.com:
Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability. Read more

www.debian.org:
DSA-865-1 hylafax -- insecure temporary files. Read more

securitytracker.com:
Sun Solaris pwdx Discloses Process Directory Information to Local Users. Read more

securitytracker.com:
Sun Solaris secpolicy_fs_common() Null Pointer Dereference Lets Local Users Panic the System. Read more

securitytracker.com:
Symantec Brightmail AntiSpam Lets Remote Users Deny Service With Malformed MIME Content. Read more

securitytracker.com:
HP-UX Itanium Stack Bug Lets Local Users Deny Service. Read more

 

News
www.theregister.co.uk:
Desktop search and malware: friend or foe? Read more

www.computerworld.com.au:
Cisco exec on security, Black Hat brouhaha. Read more

www.bakutoday.net:
China arrests 101 people for obscene Internet activity. Read more

www.computerworld.com.au:
Exploit code discovered for new Microsoft flaw. Read more

www.theglobeandmail.com:
Gates strokes Canada's high-tech talent pool. Read more

www.sky.com:
INTERNET FRAUD TARGETED. Read more

news.zdnet.co.uk:
Symantec raises Norton prices. Read more

www.technewsworld.com:
US Still the Ruling Land of Spam. Read more

www.technewsworld.com:
Experts: Computer Crime Down But Caution Still Needed. Read more

www.betanews.com:
Cross-Site Scripting Worm Hits MySpace. Read more

www.theregister.co.uk:
Yahoo! clamps down on predatory chat. Read more

software.silicon.com:
Veritas issues another security flaw warning. Read more

networks.silicon.com:
Mobile anti-theft device that knows how you walk. Read more

news.com.com:
Xbox plays starring role in Windows update. Read more

www.technewsworld.com:
Feds File Charges in Largest US Piracy Case. Read more

13 October 2005

Guides, Papers, etc
www.pulltheplug.org:
PullThePlug Contest. Call For Papers. Read more

www.securityfocus.com:
Arrests unlikely to impact bot net threat, say experts. Read more

www.vnunet.com:
Who's that knocking at your PC? Read more

www.securityfocus.com:
OpenBSD's network stack. Read more

www.prolexic.com:
The Prolexic Zombie Report. Read more

darkfader.net:
Notice on the DS bricker trojan. Read more

www.airscanner.com:
Close Encounters of the Hacker Kind: A Story from the Front Lines. Read more

www.airscanner.com:
Owned by the THR34T Krew...Part II. Read more

files.malwareblog.com:
EFFECTIVE SECURITY POLICY MANAGEMENT. Read more

 

Vulnerabilities & Exploits
www.zerodayinitiative.com:
VERITAS NetBackup Remote Code Execution. Read more

securitytracker.com:
Novell NetMail Buffer Overflow in Network Messaging Application Protocol Agent Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java System Application Server May Disclose JSP Source Code to Remote Users. Read more

securitytracker.com:
GFI MailSecurity Web Module Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Computer Associates Buffer Overflow in iGateway Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Multiple COM Objects Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Network Connection Manager Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Windows Plug and Play Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-864-1 ruby1.8 -- programming error. Read more

 

News
www.theregister.co.uk:
Worm fears over MS October patch batch. Read more

www.itnews.com.au:
Windows 2000 bug could mean repeat of Zotob. Read more

www.itnews.com.au:
Exploit already out for new Win2K Bug. Read more

www.theregister.co.uk:
Phishing attack targets one-time passwords. Read more

networks.silicon.com:
MSN-Yahoo! IM love-in could spread worms. Read more

www.vnunet.com:
Grisoft predicts Linux virus plague. Read more

www.timesonline.co.uk:
Banks caught by £5m spy sting. Read more

www.news.wisc.edu:
Bill Gates surprises students as "stand in" professor. Read more

www.rednova.com:
Bedroom IT Skills Were Designed to Create a Devastating Worm. Read more

www.arnnet.com.au:
Firewall goes wireless. Read more

wired.com:
Don't Let Fear Kill Muni Wi-Fi. Read more

www.itnews.com.au:
Australia drops off 'Dirty Dozen' spammers list. Read more

news.bbc.co.uk:
Spammer's net name scam revealed. Read more

news.com.com:
Three indicted in massive bust of pirated CDs. Read more

www.theregister.co.uk:
Sweden takes file sharer to court. Read more

12 October 2005

Guides, Papers, etc
software.silicon.com:
Opinion: So why can't Microsoft build in security? Read more

www.newsfactor.com:
Spyware Spreads Despite Security Efforts. Read more

blogs.washingtonpost.com:
Positive News in the War on Spyware. Read more

www.bindshell.net:
The Cross-site Scripting Virus. Read more

www.microsoft.com:
Avoid wireless attacks through your Bluetooth cell phone. Read more

www.microsoft.com:
Help thwart online scams with Microsoft Phishing Filter. Read more

www.microsoft.com:
How to tell whether a Microsoft security-related e-mail message is genuine. Read more

www.microsoft.com:
Retire that computer more safely. Tips on how to help reduce risks when selling or discarding computer hardware. Read more

www.staysafeonline.info:
An Action Agenda for Securing the Nation's Digital Resources: Start in Kindergarten! Read more

blogs.securiteam.com:
Skype's encryption. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Microsoft Distributed Transaction Controller TIP DoS Vulnerability. Read more

www.idefense.com:
Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability. Read more

www.frsirt.com:
Microsoft Internet Explorer Multiple Remote Vulnerabilities (MS05-052). Read more

www.frsirt.com:
Microsoft Windows MSDTC and COM+ Multiple Vulnerabilities (MS05-051). Read more

www.frsirt.com:
Microsoft Windows DirectShow Remote Code Execution (MS05-050). Read more

www.frsirt.com:
Microsoft Windows Shell and Web View Vulnerabilities (MS05-049). Read more

www.frsirt.com:
Microsoft Collaboration Data Objects Code Execution (MS05-048). Read more

www.frsirt.com:
Microsoft Windows Plug and Play Remote Code Execution (MS05-047). Read more

www.frsirt.com:
Microsoft Client Service for NetWare Remote Code Execution (MS05-046). Read more

www.frsirt.com:
Microsoft Windows Network Connection Manager DoS (MS05-045). Read more

secunia.com:
WinRAR Format String and Buffer Overflow Vulnerabilities. Read more

securitytracker.com:
PHP Advanced Transfer Manager HTML Files Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
OpenSSL SSL_OP_MSIE_SSLV2_RSA_PADDING Option May Let Remote Users Rollback the Protocol Version. Read more

securitytracker.com:
SGI IRIX 'runpriv' Input Validation Error Lets Certain Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Cyphor Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securiteam.com:
phpMyAdmin Directory Traversal (Exploit). Read more

www.debian.org:
DSA-863-1 xine-lib -- format string vulnerability. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Summary for October, 2005. Read more

www.theregister.co.uk:
Security pros savage Tsunami hacker verdict. Read more

news.zdnet.com:
Symantec won't 'whine' about Microsoft. Read more

www.theregister.co.uk:
Microsoft and Yahoo! 'to merge IM chat'. Read more

www.theregister.co.uk:
Users want ISPs to filter spyware. Read more

seattletimes.nwsource.com:
Microsoft sees a future on the small screen. Read more

news.bbc.co.uk:
Defending Google's licence to print. Read more

news.zdnet.co.uk:
Google closes security hole. Read more

www.electricnews.net:
Group pushes for faster Wi-Fi. Read more

11 October 2005

Guides, Papers, etc
www.demop.com:
User Phishing Awareness Survey. Read more

www.immunityinc.com:
Nematodes - Beneficial Worms. Read more

www.cnn.com:
A convicted hacker debunks some myths. Read more

www.eweek.com:
Larry Seltzer: MS-YASS 1.0? (Yet Another Security Suite). Read more

www.pulltheplug.org:
The PullThePlug Contest is a unique opportunity for individuals in the information security community to share their knowledge in the form of interesting and innovative papers and win a prize in the process. Read more

www.informit.com:
Details Emerge on the First Windows Mobile Virus. Read more

blogs.securiteam.com:
The Changing Face of Crime - What's Out There? Read more

www.microsoft.com:
10 tips for safer instant messaging. Read more

 

Tools:
fileforum.betanews.com:
Tor for Windows 0.1.1.8 Alpha. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability. Read more

www.securitytracker.com:
Kaspersky Anti-Virus May Fail to Detect Viruses in Modified Archives. Read more

www.securitytracker.com:
Sophos Anti-Virus May Fail to Detect Viruses in Modified Archives. Read more

www.securitytracker.com:
Symantec AntiVirus May Fail to Detect Viruses in Modified Archives. Read more

www.securitytracker.com:
McAfee VirusScan May Fail to Detect Viruses in Modified Archives. Read more

www.frsirt.com:
Computer Associates iGateway Remote Buffer Overflow Vulnerability. Read more

www.securitytracker.com:
Clam VirusScan May Fail to Detect Viruses in Modified Archives. Read more

www.debian.org:
DSA-862-1 ruby1.6 -- programming error. Read more

www.debian.org:
DSA-861-1 uw-imap -- buffer overflow. Read more

www.debian.org:
DSA-860-1 ruby -- programming error. Read more

www.debian.org:
DSA-859-1 xli -- buffer overflows. Read more

www.debian.org:
DSA-858-1 xloadimage -- buffer overflows. Read more

www.securiteam.com:
MailEnable Logging Buffer Overflow (Nematoda, Exploit). Read more

www.securiteam.com:
ProZilla Buffer Overflow (Exploit). Read more

 

News
www.theregister.co.uk:
MS security bundling plan causes waves. Read more

news.bbc.co.uk:
Net power struggle nears climax. Read more

today.reuters.co.uk:
Wireless industry comes together for faster Wi-Fi. Read more

www.theregister.co.uk:
Anti-spam user authentication is 'worse than useless'. Read more

www.itnews.com.au:
Microsoft opens Hotmail Kahuna beta. Read more

software.silicon.com:
Google fixes phishing flaw. Read more

www.theregister.co.uk:
Google Sun (Office) not a threat, says MS. Read more

www.theregister.co.uk:
We'll index the world by 2310, says Google. Read more

news.bbc.co.uk:
Web enjoys year of biggest growth. Read more

www.theregister.co.uk:
DDoS by mobile phone: is it a goer? Read more

www.vitalsecurity.org:
They whacked Google! Read more

www.finjan.com:
Finjan Identifies Dangerous Cross Site Scripting Vulnerability on Google. Read more

news.zdnet.co.uk:
Tsunami 'hacker' is innocent, say readers. Read more

10 October 2005

Guides, Papers, etc
astalavista.com:
How to Cheat at Chess: A Security Analysis of the Internet Chess Club. Read more

www.cnn.com:
A convicted hacker debunks some myths. Read more

www.insipid.com:
Next Generation DHCP Deployments. Read more

www.cs.jhu.edu:
Analysis of the WinZip Encryption Method. Read more

www.cse.ucsd.edu:
Attacking and Repairing the WinZip Encryption Scheme. Read more

www.smsanalysis.org:
Exploiting Open Functionality in SMS-Capable Cellular Networks. Read more

astalavista.com:
Astalavista Group Security Newsletter Issue 21 - 30 September 2005. Read more

www.betanews.com:
Windows, Windows Everywhere. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HAURI ViRobot Buffer Overflow in Processing ALZ Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HAURI LiveCall Buffer Overflow in Processing ALZ Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Oracle Forms Lets Remote Users Shutdown the TNS Listener. Read more

www.debian.org:
DSA-857-1 graphviz -- insecure temporary file. Read more

www.debian.org:
DSA-856-1 py2play -- design error. Read more

www.debian.org:
DSA-855-1 weex -- format string vulnerability. Read more

www.debian.org:
DSA-854-1 tcpdump -- infinite loop. Read more

www.debian.org:
DSA-853-1 ethereal -- several vulnerabilities. Read more

 

News
www.informationweek.com:
Microsoft Details Antivirus And Anti-Spyware Timetable. Read more

bink.nu:
Microsoft warns, don't use "Windows XP Service Pack 3 Preview". Read more

www.usatoday.com:
At age 30, Microsoft grapples with growing up. Read more

www.betanews.com:
MS Patch Tuesday to Bring Nine Fixes. Read more

news.com.com:
Google ETA? 300 years to index the world's info. Read more

www.usatoday.com:
Mystery surrounds Google. Read more

www.vnunet.com:
Cops smash 100,000 node botnet. Read more

09 October 2005

Guides, Papers, etc
files.malwareblog.com:
ANTI-VIRUS IN THE WILD. Read more

www.eweek.com:
Larry Seltzer: Kill Pests, Don't Spread Them. Read more

www.securitypipeline.com:
Review: Spyware Detectors. Read more

www.macdevcenter.com:
Mac Security: Identifying Changes to the File System. Read more

 

Tools:
www.securiteam.com:
Cisco Password Cracker. Read more

www.redherring.com:
Rugged Laptops Gain Popularity. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-852-1 up-imapproxy -- format string vulnerability. Read more

www.debian.org:
DSA-851-1 openvpn -- programming errors. Read more

www.debian.org:
DSA-850-1 tcpdump -- infinite loop. Read more

www.debian.org:
DSA-849-1 shorewall -- programming error. Read more

www.debian.org:
DSA-848-1 masqmail -- several vulnerabilities. Read more

 

News
news.zdnet.co.uk:
Tsunami 'hacker' conviction worries experts. Read more

news.zdnet.co.uk:
Security guru urges banks to beat ID theft. Read more

news.zdnet.co.uk:
Secure Wi-Fi hot spots rolled out. Read more

www.securitypipeline.com:
Attackers Could Text Message Cell Services To Death. Read more

www.redherring.com:
Microsoft Draws E.U. Scrutiny. Read more

cnews.canoe.ca:
Microsoft to test security services for business customers. Read more

www.redherring.com:
Mr. Google Goes to Washington. Read more

www.redherring.com:
Governator Bans Violent Games. Read more

08 October 2005

Guides, Papers, etc
www.microsoft.com:
WPA Wireless Security for Home Networks. Read more

www.tomsnetworking.com:
The Feds can own your WLAN too. Read more

computer.howstuffworks.com:
How Virtual Private Networks Work. Read more

www.cs.wright.edu:
Hacking Techniques in Wireless Networks. Read more

spywarewarrior.com:
The Spyware Warrior Guide to Anti-Spyware Programs. Read more

www.scs.carleton.ca:
ARP-based Detection of Scanning Worms Within an Enterprise Network. Read more

news.bbc.co.uk:
Bill Thompson: Taking on software liability. Read more

www.infoworld.com:
Roger A. Grimes: Malicious attack trends: good, bad, and worse. Read more

www.technewsworld.com:
Poll: Public Perceives Net as Threat to Kids. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting. Read more

www.debian.org:
DSA-846-1 cpio -- several vulnerabilities. Read more

www.debian.org:
DSA-847-1 dia -- missing input sanitising. Read more

www.red-database-security.com:
Shutdown TNS Listener via Oracle Forms Servlet. Read more

www.red-database-security.com:
Cross-Site-Scripting Vulnerability in Oracle XMLDB. Read more

securitytracker.com:
Utopia News Pro Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
aspReady FAQ Manager Missing Input Validation Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Sun Directory Server Unspecified Bug Lets Remote Users Compromise the System. Read more

securitytracker.com:
PHP-Fusion Input Validation Holes in 'register.php' and 'faq.php' Permit SQL Injection Attacks. Read more

securitytracker.com:
Webroot Desktop Firewall Lets Local Users Gain Elevated Privileges or Disable the Firewall. Read more

securitytracker.com:
Mozilla Firefox Buffer Overflow in Processing IFRAME Widths May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ALZip Buffer Overflows in Processing Multiple Archives Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.int.iol.co.za:
Dutch arrest alleged 'W32.Toxbot' hackers. Read more

www.theregister.co.uk:
Dutch smash 100,000-strong zombie army. Read more

news.bbc.co.uk:
Hackers jailed over global virus. Read more

www.theregister.co.uk:
Pair jailed over virus plot. Read more

english.chosun.com:
Sports Chosun 'Infected With Spyware'. Read more

software.silicon.com:
Security firms put the boot into the media. Easier than admitting their own failings... Read more

www.vnunet.com:
Microsoft warms up for security push. Read more

news.zdnet.com:
Net backbone outage fixed, for now. Read more

www.theregister.co.uk:
Malware turns PSP into expensive brick. Read more

www.theregister.co.uk:
China purges spam SMS. Read more

07 October 2005

Guides, Papers, etc
www.newsfactor.com:
New Security Nightmare: Robot Networks. Read more

www.windowsecurity.com:
Standardization and the security appliance. Read more

www.adrianpv.com:
Interesting idea for a covert channel or I just didn't research enough?
Backdoor receives commands from the attacker by interpreting the properties of the dropped packets which were logged by the firewall. Read more

www.wired.com:
By Bruce Schneier: A Real Remedy for Phishers. Read more

www.microsoft.com:
Rootkits: The Obscure Hacker Attack. Read more

news.com.com:
FAQ: Inside Microsoft's Client Protection. Read more

news.com.com:
Blackout shows Net's fragility. Read more

 

Vulnerabilities & Exploits
secunia.com:
HAURI Anti-Virus ALZ Archive Handling Buffer Overflow. Read more

secunia.com:
Webroot Desktop Firewall Two Vulnerabilities. Read more

secunia.com:
PHP-Fusion Two SQL Injection Vulnerabilities. Read more

www.debian.org:
DSA-845-1 mason -- programming error. Read more

 

News
www.networkworld.com:
Report: Symantec brings Microsoft complaint to EU. Read more

seattlepi.nwsource.com:
Microsoft, nudged by competitors, to step up business security. Read more

www.theregister.co.uk:
Sober worm comeback poses as schoolfriend pic. Read more

www.vnunet.com:
Warning on bilingual Sober virus. Read more

www.theregister.co.uk:
Virus naming scheme gets mixed reception. Read more

www.newsfactor.com:
First Trojan for Sony PSP on the Loose. Read more

news.zdnet.co.uk:
Microsoft announces imminent security release. Read more

news.zdnet.co.uk:
Kaspersky confirms antivirus flaw. Read more

www.theregister.co.uk:
Victims coughing up to online extortionists. Read more

www.theregister.co.uk:
MS goes a bundle on malware protection. Read more

www.betanews.com:
MS to Ship Malware Protection Utility. Read more

blogs.securiteam.com:
Snort Gone Commercial. Read more

www.theregister.co.uk:
How Dell repels attempts to buy its 'open source' PC. Read more

www.guardian.co.uk:
Third of top companies break email privacy laws. Read more

www.theregister.co.uk:
Tsunami hacker convicted. Read more

www.computerweekly.com:
Microsoft goes on hacker charm offensive. Read more

today.reuters.co.uk:
Microsoft says Windows is safer than you think. Read more

www.smh.com.au:
US cracks down on spyware operation. Read more

www.ecommercetimes.com:
Feds Point Finger at US Spyware Operation. Read more

news.bbc.co.uk:
Google-Sun alliance hints at future deals. Read more

news.zdnet.co.uk:
Secure Wi-Fi hot spots rolled out. Read more

news.zdnet.co.uk:
Nokia reacts to mobile virus threat. Read more

www.theregister.co.uk:
T-Mobile goes large on mobile net access. Read more

06 October 2005

Guides, Papers, etc
www.gi-ev.de:
SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Read more

www.pakcon.org:
PAKCON II, a cyber security convention held annually in Pakistan. Read more

thesecuritynetwork.org:
Cyber Security Event to be held on October 19th at National University's Spectrum Business Park location in Kearny Mesa. Read more

www.securityfocus.com:
Reducing browser privileges. Read more

msdn.microsoft.com:
Browsing the Web and Reading E-mail Safely as an Administrator. Read more

www.websensesecuritylabs.com:
Security Trends Report, First Half 2005. Read more

www.securityfocus.com:
Can writing software be a crime? Read more

www.newyorker.com:
THE ZOMBIE HUNTERS. Read more

deseretnews.com:
Spyware spreads despite security. Read more

www.sciam.com:
Stopping Spam. What can be done to stanch the flood of junk e-mail messages? Read more

www.perlcode.org:
Blocking Windows Worms at the Server with Procmail on a VPS. Read more

 

Tools:
www.thehotfix.net:
Windows XP Service Pack 3 Preview Download. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability. Read more

www.websensesecuritylabs.com:
Phishing Alert: Sooper Credit Union. Read more

www.websensesecuritylabs.com:
Phishing Alert: Colonial Bank. Read more

www.websensesecuritylabs.com:
Phishing Alert: Escrow.com. Read more

www.debian.org:
DSA-844-1 mod-auth-shadow -- programming error. Read more

www.debian.org:
DSA-843-1 arc -- insecure temporary file. Read more

www.debian.org:
DSA-842-1 egroupware -- missing input sanitising. Read more

www.debian.org:
DSA-841-1 mailutils -- format string vulnerability. Read more

securitytracker.com:
Uim Input Validation Flaw in Environment Variables May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Symantec Anti Virus Scan Engine Buffer Overflow in Web Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
UW-IMAP Buffer Overflow in Processing Mailbox Name Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
MailEnable Buffer Overflow in W3C Format Logging May Let Remote Users Execute Arbitrary Code. Read more

 

News
software.silicon.com:
Are online firms doing secret deals with DDoS attackers? Read more

software.silicon.com:
Symantec security hole puts systems at risk. Read more

today.reuters.co.uk:
Internet crime shifts to Russia. Read more

news.com.com:
FTC sues company over spyware. Read more

www.zdnet.com.au:
Nessus security tool closes its source. Read more

www.physorg.com:
Another view of the Internet's fragility. Read more

www.latimes.com:
Hackers Could Cripple Mobile Phone Networks, Study Says. Read more

www.computerweekly.com:
No jobs for the bad boys. Read more

www.seniorjournal.com:
FTC Targets Company Secretly Installing Spyware that Can't Be Uninstalled. Read more

www.theregister.co.uk:
Microsoft FAT patent rejected - again. Read more

www.washingtonpost.com:
AOL boosts anti-phishing protection. Read more

www.620ktar.com:
Microsoft to Offer New Security Service. Read more

www.theregister.co.uk:
'DEC hacking' trial opens. Read more

05 October 2005

Guides, Papers, etc
www.windowsecurity.com:
Review of Security Planning Guides from Microsoft. Read more

www.benedelman.org:
Video: New.net Installed through Security Holes. Read more

www.suse.de:
x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. Read more

astalavista.com:
Do Security Toolbars Actually Prevent Phishing Attacks? Read more

astalavista.com:
A Strong Authentication Mechanism for Consumer-Facing Online Transactions. Read more

 

Tools:
www.microsoft.com:
SyncToy: the smart way to copy files. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Hitachi JP1/Cm2/Network Node Manager Unspecified Bugs Let Remote Users Deny Service or Execute Arbitrary Commands. Read more

 

News
www.theregister.co.uk:
Zombie bots clog internal networks. Read more

www.techworld.com:
Firefox site hacked again. Read more

news.bbc.co.uk:
Web helps criminals trap victims. Read more

www.smh.com.au:
China shuts three anti-govt sites. Read more

management.silicon.com:
Security consultants writing their own pay cheques. Read more

www.theglobeandmail.com:
Google, Sun Micro link up on software. Read more

www.channelregister.co.uk:
Kaspersky in heap-based buffer overflow vuln. Read more

www.informationweek.com:
Kaspersky Says It's Fixed AV Scanner Flaw. Read more

www.infoworld.com:
Click fraud is growing concern. Read more

www.vnunet.com:
Expert witness questions child porn jailings. Read more

beta.news.com.com:
Text hackers may threaten cell phones. Read more

news.bbc.co.uk:
Future mobiles to get chip boost. Read more

04 October 2005

Guides, Papers, etc
www.secureenterprisemag.com:
Q&A With 'Wormologist' Vern Paxson. Read more

www.truste.org:
How Not to Look Like a Phish. Read more

 

Vulnerabilities & Exploits
www.rem0te.com:
Kaspersky Antivirus Library Remote Heap Overflow Security Advisory. Read more

www.frsirt.com:
Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability. Read more

securitytracker.com:
ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
MyBloggie Input Validation Hole in 'login.php' Lets Remote Users Inject SQL Commands to Bypass Authentication. Read more

securitytracker.com:
Citrix MetaFrame Presentation Server ClientName Policies Can Be Bypassed By Remote Authenticated Users. Read more

securitytracker.com:
Virtools Web Player Buffer Overflow and Directory Traversal. Read more

securitytracker.com:
Texinfo 'texindex' Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX getconf Utility Lets Local Users Gain Elevated Privileges. Read more

www.debian.org:
DSA-840-1 drupal -- missing input sanitising. Read more

www.debian.org:
DSA-839-1 apachetop -- insecure temporary file. Read more

 

News
www.theregister.co.uk:
Backdoor Trojan targets Microsoft Access. Read more

beta.news.com.com:
Worms biting harder into IM, P2P. Read more

beta.news.com.com:
Flaw found in Kaspersky antivirus. Read more

informationweek.com:
Researcher Claims Kaspersky Anti-Virus Has Security Flaw. Read more

www.zdnet.com.au:
Virus attacks fall. Read more

news.zdnet.co.uk:
Government creates network to fight hackers. Read more

www.theregister.co.uk:
Political hackers deface Novell SUSE sites. Read more

fraudwar.blogspot.com:
The Social Solution to Internet Fraud. Read more

beta.news.com.com:
PGP set to release encryption package. Read more

beta.news.com.com:
Google faces obstacles in S.F. Wi-Fi bid. Read more

beta.news.com.com:
Google, Sun plan partnership. Read more

wired.com:
'UnGoogleables' Hide From Search. Read more

www.sci-tech-today.com:
Next-Gen Processor: Supercomputer on a Chip. Read more

www.thebusinessonline.com:
Microsoft invents a "one-play only" DVD to combat Hollywood piracy. Read more

seattlepi.nwsource.com:
Microsoft shows off new games. Read more

news.zdnet.co.uk:
EC to rival Google with massive digital library. Read more

03 October 2005

Guides, Papers, etc
www.infosecwriters.com:
A Closer Look at the Worm_Mimail.A. Read more

 

Tools:
www.theregister.co.uk:
Nokia 9300: our long term test. Read more

 

News
www.techtree.com:
New Adware Alters Search Results. Read more

sclblog.com:
Schwarzenegger Signs Anti-Phishing Law. Read more

www.themercury.news.com.au:
An angel on cyber space patrol. Read more

www.theinquirer.net:
Microsoft's PDF support conceals hidden agenda. Read more

recordingindustryvspeople.blogspot.com:
Oregon RIAA Victim Fights Back; Sues RIAA for Electronic Trespass, Violations of Computer Fraud & Abuse, Invasion of Privacy, RICO, Fraud. Read more

02 October 2005

Guides, Papers, etc
astalavista.com:
A Self-Learning Worm Using Importance Scanning. Read more

itmanagement.earthweb.com:
New Tools May Beat Rootkits. Read more

itmanagement.earthweb.com:
IceSword Author Speaks Out On 'Rootkits'. Read more

windowssecrets.com:
Antispyware apps vie for top spot. Read more

astalavista.com:
ON PRIVACY AND THE WEB. Read more

 

Tools:
www.terra.net.lb:
Sony's new AIBO robo-dog talks but needs petting. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-837-1 mozilla-firefox -- buffer overflow. Read more

www.debian.org:
DSA-836-1 cfengine2 -- insecure temporary files. Read more

www.debian.org:
DSA-835-1 cfengine -- insecure temporary files. Read more

 

News
www.washingtonpost.com:
New Bans Show China's Concerns About Tech. Read more

management.silicon.com:
VoIP wiretapping rules to be considered. Read more

www.brownwoodbulletin.com:
Police warn of Internet scam involving motel reservations. Read more

news.bbc.co.uk:
Net phoning starts to win friends. Read more

www.duluthsuperior.com:
Yahoo accused of raiding workers. Read more

www.terra.net.lb:
Give up web domination, US told. Read more

arstechnica.com:
Google offers free WiFi network for San Francisco. Read more

www.bloomberg.com:
Google May Be Bad for You; Battelle's `The Search' Explains Why. Read more

www.terra.net.lb:
China hands over American jailed for selling pirated DVDs. Read more

01 October 2005

Updated: Trojan News September. Read more

 

Guides, Papers, etc
www.pcworld.com:
10-Step Security. Read more

seattletimes.nwsource.com:
Firewalls are still the best for protecting computer. Read more

networks.ecse.rpi.edu:
Early Detection of BGP Instabilities Resulting from Internet Worm Attacks. Read more

 

Tools:
www.theregister.co.uk:
Sony unveils Memory Stick Micro. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Macromedia Breeze Password Reset Feature May Disclose Passwords. Read more

securitytracker.com:
ASPEdit Discloses Administrative Password to Local Users. Read more

www.debian.org:
DSA-834-1 prozilla -- buffer overflow. Read more

www.debian.org:
DSA-833-1 mysql-dfsg-4.1 -- buffer overflow. Read more

www.debian.org:
DSA-832-1 gopher -- buffer overflows. Read more

www.debian.org:
DSA-831-1 mysql-dfsg -- buffer overflow. Read more

 

News
news.com.com:
Malicious code could trick ZoneAlarm firewall. Read more

www.theregister.co.uk:
NetSky-P tops moribund malware chart. Read more

beta.news.com.com:
Trojan rides in on unpatched Office flaw. Read more

beta.news.com.com:
New worm spoofs Google, Yahoo and MSN sites. Read more

www.pcworld.idg.com.au:
Destructive power of mobile viruses could rise fast. Read more

catless.ncl.ac.uk:
Router worms and International Infrastructure. Read more

beta.news.com.com:
Microsoft confirms next XP service pack. Read more

www.newsfactor.com:
Microsoft Presents IE 7 to Hackers. Read more

www.pcworld.com:
Threat Alert: Spear Phishing. Read more

news.zdnet.co.uk:
Visa backtracks over ID theft case. Read more

www.computerworld.com:
Hackers fail to break into Via's StrongBox $5,000 prize was at stake. Read more

today.reuters.com:
Microsoft plans cheaper Windows version for India. Read more

beta.news.com.com:
Mozilla plugs Thunderbird holes. Read more

www.theregister.co.uk:
RIAA files 757 more P2P lawsuits. Read more


Copyright © MegaSecurity.org