Home    News Archive    Translate Traducen
News December 2005
31 December 2005

Descriptions of 140 Trojans added to The Archive. Read more

 

Guides, Papers, etc
isc.sans.org:
WMF and Indexing (NEW). Read more

www.informit.com:
Planning a New Installation of Microsoft Small Business Server (SBS). Read more

 

Vulnerabilities & Exploits
www.iptel.org:
Replay Attack Vulnerability on Sonys Instant Video Everywhere Service. Read more

securitytracker.com:
TinyMCE Compressor Input Validation Bug Discloses File Contents and Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpDocumentor Include File Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
VMware ESX Server Management Interface Bug Lets Remote Users Execute Code in the Browser. Read more

securitytracker.com:
TkDiff Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Hitachi Business Logic - Container Input Validation Holes Permit SQL Injection, Cross-Site Scripting, and HTTP Response Splitting Attacks. Read more

securitytracker.com:
OpenOffice WWW-Browser Button May Not Properly Enforce Hyperlink Security Restrictions. Read more

 

News
www.internetnews.com:
Windows 0-Day Exploit Helped by Open Source? Read more

seattlepi.nwsource.com:
Hackers seize on newfound flaw in Windows. Read more

www.theregister.co.uk:
Google AdSense Trojan prowls cyberspace. Read more

www.scmagazine.com:
Marriott customer data missing. Read more

portal.telegraph.co.uk:
Hacker faces 10 years' jail for virus attacks on Ebay. Read more

www.redherring.com:
Google Sued for $5B. Read more

. 30 December 2005

Guides, Papers, etc
blogs.securiteam.com:
WMF Spyware/Worm on the loose. Read more

sunbeltblog.blogspot.com:
A note on DEP and the WMF exploit. Read more

www.eweek.com:
Another WMF (Windows Major Foul-Up). Read more

www.blackhat.com:
Black Hat Federal and Europe Call for Papers. Read more

www.infosecwriters.com:
The Role of a Distributed Honeypot in a Post-Worm World. Read more

www.infosecwriters.com:
DNS Name Prediction With Google. Read more

www.infosecwriters.com:
The 9 Common Killers of Information Security Programs. Read more

www.gray-world.net:
Covert channels through the looking glass. Read more

www.infosecwriters.com:
Sticks and Stones�Read more

www.infosecwriters.com:
Receive-only UTP cables and Network Taps. Read more

www.infosecwriters.com:
LMCrack - Cracked in 60 seconds. Read more

www.infosecwriters.com:
An Introduction to Linux Kernel Backdoors. Read more

www.infosecwriters.com:
Exploitation of Buffer Overflow Vulnerabilities Under Windows XP. Read more

www.infosecwriters.com:
The Anatomy of Cross Site Scripting. Read more

www.infosecwriters.com:
Alert Verification. Determining the success of intrusion attempts. Read more

www.infosecwriters.com:
A lightweight virtual machine for running user-level operating systems. Read more

 

Vulnerabilities & Exploits
www.securiteam.com
Microsoft Internet Explorer Keyboard Shortcut Processing. Read more

 

News
www.securitypipeline.com:
Microsoft Promises To Patch Worsening Zero-Day Flaw. Read more

www.securityfocus.com:
Windows 0-day exploit found on Web. Read more

www.securitypronews.com:
XP Victim Of Zero-Day Exploit. Read more

blogs.washingtonpost.com:
Update on the Critical Unpatched Windows Flaw. Read more

www.eweek.com:
Analysts Fret as Adware Makers Leverage WMF Flaw. Read more

www.websensesecuritylabs.com:
Informational Alert: Zero-day profiteering. Read more

www.wired.com:
How Click Fraud Could Swallow the Internet. Read more

money.cnn.com:
Record bad year for tech security. Read more

www.securityfocus.com:
Data security moves front and center in 2005. Read more

www.securityfocus.com:
Settlement proposed in Sony BMG case. Read more

www.theregister.co.uk:
Spammers eschew porn for penis patches. Read more

recordingindustryvspeople.blogspot.com:
Programmer Challenges RIAA "Investigation" in Court Papers Filed Dec. 28th to Vacate "Ex Parte" Order. Read more

www.redherring.com:
Supercomputers Rebound. Read more

. 29 December 2005

Guides, Papers, etc
www.microsoft.com:
RATs: Remote Access Trojans and how to help avoid them. Read more

sunbeltblog.blogspot.com:
Workarounds for the WMF exploit. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Windows WMF Handling Remote Code Execution Vulnerability. Read more

securitytracker.com:
Microsoft Windows Unspecified WMF Rendering Bug Lets Remote Users Execute Arbitrary Code. Read more

www.debian.or:
DSA-928-1 dhis-tools-dns -- insecure temporary file. Read more

www.debian.or:
DSA-927-1 tkdiff -- insecure temporary file. Read more

securitytracker.com:
BZFlag Callsign Input Validation Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Juniper NetScreen-Security Manager 'guiSrv' and 'devSrv' Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
dBpowerAMP Music Converter Buffer Overflow in '.m3u' Playlist Files May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Ethereal IRC and GTP Dissectors Let Remote Users Deny Service. Read more

securitytracker.com:
Spb Kiosk Engine Discloses Administrative Password to Local Users. Read more

securitytracker.com:
IceWarp Web Mail Multiple Include File Bugs Let Remote Users Execute Arbitrary Code. Read more

 

News
Microsoft Security Advisory (912840)
www.microsoft.com:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. Read more

www.securityfocus.com:
Windows 0-day exploit found on Web. Read more

news.zdnet.co.uk:
Exploit targets hole in Windows. Read more

www.websensesecuritylabs.com:
Malicious Website / Malicious Code: Zero-day IE .WMF Exploit. Read more

www.websensesecuritylabs.com:
Malicious Website / Malicious Code: Zero-day IE .WMF Exploit. Video

www.msnbc.msn.com:
NSA used banned data-tracking on Web site. Read more

australianit.news.com.au:
Phishers target NAB. Read more

www.theregister.co.uk:
Man admits to eBay DDoS attack. Read more

www.detnews.com:
Man pleads guilty to unleashing attack on eBay. Read more

www.techworld.com:
ABN Amro eyes electronic data transfers after tape loss incident. Read more

www.redherring.com:
Who Owns the Internet 2006? Read more

www.betanews.com:
Year in Review: Microsoft Takes Charge. Read more

today.reuters.co.uk:
Men want facts, women seek relations on Web - survey. Read more

media.aoltimewarner.com:
Hey, 'Donald Trump Wants You'!! (... & Other Lies Told by Spammers in 2005). Read more

www.theregister.co.uk:
Virus poses as MSN Messenger 8. Read more

www.wired.com:
Hackers Rebel Against Spy Cams. Read more

today.reuters.co.uk:
China says winning war on Internet pornography. Read more

. 28 December 2005

Guides, Papers, etc
www.schneier.com:
Is the NSA Reading Your E-Mail? Read more

security.ithub.com:
A Man and His Vision for the Browser. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Bugzilla 'syncshadowdb' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

 

News
www.betanews.com:
Year in Review: Microsoft Takes Charge. Read more

www.securitypronews.com:Read more

www.chron.com:
When it comes to security, the news isn't always grim. Read more

searchsecurity.techtarget.com:
2005's IT winners and losers. Read more

news.bbc.co.uk:
Criminals target viruses for cash. Read more

news.zdnet.co.uk:
Gartner warns of trap in Vista metadata. Read more

today.reuters.co.uk:
China to get tough on cellphone fraud, spam. Read more

www.redherring.com:
Spam Plagues Blogs. Read more

www.vnunet.com:
Time to come clean about hacking. Read more

. 27 December 2005

Guides, Papers, etc
bcheck.scanit.be:
The Browser Security Test. A Year Of Bugs. Read more

software.newsforge.com:
Browser developers meet, see eye to eye on security. Read more

www.eweek.com:
A Man and His Vision for the Browser. Read more

www.theregister.co.uk:
Rootkits, cybercrime and OneCare. Read more

earchsecurity.techtarget.com:
Spyware, application attacks to be biggest 2006 threats. Read more

www.securityfocus.com:
NSA spying broader than initially reported. Read more

blogs.securiteam.com:
Chronology of a 0-Day Excel Vulnerability. Read more

pakavenue.com:
How to Protect Against Computer Viruses. Read more

castlecops.com:
Make lots of money within 45 days. Read more

www.dailysouthtown.com:
How to keep eye on kids' computer. Read more

www.eweek.com:
IM Threats: The Dark Side of Innovation. Read more

www.peacefire.org:
How to disable your blocking software. Read more

www.eweek.com:
Latest Vista Beta Is Just a Pretty Face. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
DEV web management system Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
PC NetLink 'slsadmin' Unsafe Temporary Files Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
PC NetLink 'slsmgr' Unsafe Temporary Files Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
MyBB Input Validation Errors in Multiple Scripts Let Remote Users Inject SQL Commands. Read more

securitytracker.com:
OracleAS Discussion Forum Portlet Discloses Contents of Files on the System. Read more

securitytracker.com:
OracleAS Discussion Forum Portlet Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
McAfee VirusScan Bug in 'naPrdMgr.exe' Lets Local Users Gain Elevated Privileges. Read more

www.airscanner.com:
Spb Kiosk Engine Administrator Password & Information Disclosure (Local). Read more

 

News
www.betadot.com:
NSA Create Spyware, Release to Targets. Read more

www.consumerist.com:
Sony Style Stores Still Selling Rootkit CDs. Read more

www.2-spyware.com:
Don�t take any gifts from Santa IM. Read more

www.playfuls.com:
Spanish Speaking Trojan Hits The Net. Read more

www.pcworld.com:
Security Trends: Follow the Money. Read more

. 24 December 2005

Guides, Papers, etc
www.sockpuppet.org:
Why I Love Vulnerability Analysis In 2005. Read more

www.securitypipeline.com:
Symantec, McAfee Problems May Lead To Sea Change In Antivirus Industry. Read more

www.securitypark.co.uk:
Protecting against undefined exploits and security threats. Read more

www.japantimes.co.jp:
Net transactors warned to beware of spyware. Read more

www.eweek.com:
Tis The Season For Security Software. Read more

www.it-observer.com:
Demystifying Security Enhanced (SE) Linux. Read more

news.com.com:
Boy joins a sordid online world through his Webcam. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
httprint Input Validation Error in 'Server' Field Lets Remote Users Injection Scripting Code or Deny Service. Read more

securitytracker.com:
Linux Kernel Can Be Crashed By Local Users Due to Excessive Socket Buffer Memory Consumption. Read more

securitytracker.com:
FTGate Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-926-2 ketm -- buffer overflow. Read more

www.debian.org:
DSA-925-1 phpbb2 -- several vulnerabilities. Read more

 

News
www.informationweek.com:
InformationWeek Exclusive: Justice Department Reveals Social Security Numbers. Read more

www.ciol.com:
2005: The year of the worm. Read more

www.pcworld.com:
Spam Wars Still Rage, Critics Say. Read more

www.informationweek.com:
Opera Denies Microsoft Buyout Rumors. Read more

www.digitimes.com:
Taiwan companies complain of difficulties getting Skype licenses Read more

. 23 December 2005

Guides, Papers, etc
mix06.com:
MIX06, a A 72-hour conversation between developers, designers and business professionals to explore high-fidelity commerce, content, media, services and security. Read more

www.techworld.com:
The secret life of a rootkit. Read more

msdn.microsoft.com:
Browsing the Web and Reading E-mail Safely as an Administrator. Read more

blogs.securiteam.com:
Payback for Ciscogate - new trend? Read more

www.windowsecurity.com:
Remote Authentication: Different Types and Uses. Read more

news.bbc.co.uk:
Give Mac Explorer to the people. Read more

www.sanrasoft.com:
'Rudra,' a breakthrough anti-virus technology. Read more

abcnews.go.com:
Spam Slayer: FTC's CAN-SPAM Report Card. Read more

www.computerworld.com:
Encryption: A nice idea that few want to implement? Read more

www.eweek.com:
A Better Windows Permission Model. Read more

blogs.securiteam.com:
Defining �Authorized�. Read more

firewallmovie.warnerbros.com:
Firewall: The Movie. Read & Watch

 

Vulnerabilities & Exploits
www.kb.cert.org:
VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands. Read more

securitytracker.com:
Apple QuickTime Buffer Overflow in Playing '.mov' Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple iTunes Buffer Overflow in Playing '.mov' Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PhpGedView Include File Bug in 'help_text_vars.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Portfolio NetPublish Input Validation Hole Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Interaction SIP Proxy Buffer Overflow in SIPParser() Lets Remote Users Deny Service. Read more

securitytracker.com:
Eudora WorldMail Server Buffer Overflow in Processing IMAP Commands Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
McAfee SecurityCenter 'MCINSCTL.DLL' Lets Remote Users Create or Overwrite Arbitrary Files on the Target System. Read more

securitytracker.com:
udev Insecure File Permissions in '/dev/input' May Let Local Users Obtain Sensitive Information. Read more

securitytracker.com:
Pegasus Mail Buffer Overflows in Processing POP3 Mail and Displaying Message Headers Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Anti Virus Library Buffer Overflows in Processing RAR Format Sub-Block Header Length Values Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Fetchmail Can Be Crashed By Remote Users By Sending a Headerless Message. Read more

 

News
www.theregister.co.uk:
Critical Symantec bug hits 40 products. Read more

www.betanews.com:
Security Vulnerability Found in VMware. Read more

www.techworld.com:
ABN Amro loses two million customers' details. Read more

www.newkerala.com:
'Sanrasoft' unveils 'Rudra' . Read more

www.betanews.com:
EU Threatens Microsoft with Daily Fines. Read more

www.redherring.com:
Symantec, McAfee Battle Flaws. Read more

www.techworld.com:
Anti-porn tool now in Mozilla flavour. Read more

www.tmcnet.com:
The worm returns. Read more

www.eweek.com:
Botnet Uses BitTorrent to Push Movie Files. Read more

www.theinquirer.net:
Guidance Software hacked claim - alerts Secret Service. Read more

www.theregister.co.uk:
Finnish filesharers to be pilloried in public. Read more

. 22 December 2005

Guides, Papers, etc
conference.eicar.org:
15th EICAR Annual Conference. Read more

blogs.washingtonpost.com:
Ranking Response Times for Anti-Virus Programs. Read more

blogs.securiteam.com:
Payback for Ciscogate - new trend? Read more

blogs.securiteam.com:
Games and the Dark Side of Security. Read more

www.stuff.co.nz:
Tunnel rat, global hacker, or white supremacist? Read more

www.infectionvectors.com:
Brick by brick: Platforms, Viruses, Doorstops. Read more

media.libsyn.com:
Inside SBS Episode #13 - Spam Prevention on SBS 2003. Listen

www.oag.state.tx.us:
Sony RootKit. Watch Video

 

Tools:
www.amustsoft.com:
AMUST eCondom� for Internet Explorer. Read more

www-128.ibm.com:
Linux screensaver for Windows. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Macromedia JRun 4 Web Server URL Parsing Buffer Overflow Vulnerability. Read more

securitytracker.com:
Cisco IOS EIGRP Bugs Let Remote Users Deny Service or Obtain Potentially Sensitive Information. Read more

securitytracker.com:
HP Software Distributor Unspecified Bug Lets Remote Users Access the System. Read more

securitytracker.com:
Plogger '/admin/plog-admin-functions.php' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ELOG elogd Can Be Crashed By Remote Users. Read more

www.securiteam.com:
Google.com UTF-7 XSS Vulnerabilities. Read more

www.debian.org:
DSA-924-1 nbd -- buffer overflow. Read more

 

News
news.zdnet.co.uk:
Symantec security products hit by high-risk flaw. Read more

news.zdnet.co.uk:
Yahoo security weakness revealed. Read more

news.com.com:
New spyware claim against Sony BMG. Read more

www.oag.state.tx.us:
Attorney General Abbott Slaps Sony With New Spyware Violation. Read more

www.technewsworld.com:
IM Worm Dresses Up Like Santa. Read more

www.channelregister.co.uk:
Hackers download pirate movies onto compromised PCs. Read more

www.informationweek.com:
Indian Firm Claims Its Anti-Virus Solution Stops Threats. Read more

www.theregister.co.uk:
You're infected so pay us to get infested. Read more

news.zdnet.com:
Google plugs 'obscure' phishing holes. Read more

. 21 December 2005

Guides, Papers, etc
www.virusbtn.com:
VB2006 call for papers. Read more

www.emailbattles.com:
Rootkit Guru: AntiVirus Makes Me Do It. Read more

www.acm.uiuc.edu:
Introduction to Reverse Engineering Software. Read more

www.hackingciscoexposed.com:
Hacking Exposed Cisco Networks. Sample Chapter (pdf). Read more

blogs.zdnet.com:
Top 10 tricks causing spyware epidemic. Read more

mirror.bitform.net:
The Risks of Metadata and Hidden Information. Read more

 

Vulnerabilities & Exploits
www.rem0te.com:
Symantec Antivirus Library Rem�te Heap Overflows Security Advisory. Read more

www.idefense.com:
McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite Vulnerability. Read more

www.idefense.com:
Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability. Read more

securitytracker.com:
MailEnable Buffer Overflow in IMAP EXAMINE Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
HP WBEM Services Unspecified Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft IIS Lets Remote Users Deny Service With Four Malformed HTTP GET Requests. Read more

 

News
www.techweb.com:
Symantec Anti-virus Software Open To Attack. Read more

software.silicon.com:
Mobile viruses to bite next year? Read more

www.securityfocus.com:
Sober virus scares up child-porn confession. Read more

www.channelregister.co.uk:
Computer forensics firm Guidance hacked. Read more

www.playfuls.com:
Santa IM Worm Is Coming To Town With Rootkits. Read more

www.redherring.com:
How Google-AOL Alters Search. Read more

searchsecurity.techtarget.com:
E-greetings, screensavers bring more tears than cheers. Read more

. 20 December 2005

Guides, Papers, etc
www.gi-ev.de:
SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Read more

pluralsight.com:
Hall Of Shame. This wiki page is dedicated to the thousands of applications that break when run as non-admin. Read more

ddanchev.blogspot.com:
Cyberterrorism � don�t stereotype and it�s there! Read more

p2pnet.net:
The new horror: smart viruses. Read more

nwc.networkingpipeline.com:
The Worst Network Security Horror Stories. Read more

www.securenet.de:
SESSION RIDING. A Widespread Vulnerability in Today's Web Applications. Read more

www.blacklisted411.net:
BLACKLISTED 411, Edition 1. Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
Bypassing Gmail Executable Blocking. Read more

 

News
www.washingtonpost.com:
Hackers Break Into Computer-Security Firm's Customer Database. Read more

www.theregister.co.uk:
UK shelters from smut Trojan blitz. Read more

www.theinquirer.net:
Christmas worm unleashed. Read more

www.securityfocus.com:
Selling people information about themselves. Read more

www.websensesecuritylabs.com:
Informational Alert: Spyware Lures to Install Potentially Unwanted Software. Read more

www.theregister.co.uk:
Chile and Peru fight merciless hacker war. Read more

www.thsv.org:
Vietnam Pressured To Release Jailed Internet Users. Read more

blogs.washingtonpost.com:
Database Hack Exposes Police Financial Data. Read more

www.eweek.com:
MS Research: Typo-Squatters Are Gaming Google. Read more

www.theregister.co.uk:
Update glitch spins out IE7 beta testers. Read more

news.bbc.co.uk:
Hi-tech firms censured over China. Read more

www.theregister.co.uk:
Gates joins PC as 'person' of year. Read more

news.bbc.co.uk:
End nears for Mac version of IE. Read more

www.redherring.com:
Microsoft Updates Vista. Read more

www.redherring.com:
3 Charged With Modifying Xbox. Read more

www.bbvforums.org:
12-13-05: Devastating hack proven - L...Read more

. 19 December 2005

Guides, Papers, etc
www.benedelman.org:
Deciding Who To Trust. Read more

podcasts.theworld.org:
Today's podcast highlights new threats to your computer and its critical systems. We join a press conference given by the SANS Institute, which monitors all manner of cyberthreats across the globe. Find out how hackers are changing their strategies, and what it means, not just for the individual computer user, but also for the military and for the Department of Homeland Security. Listen

www.technologyreview.com:
The Internet Is Broken. The Net's basic flaws cost firms billions, impede innovation, and threaten national security. It's time for a clean-slate approach, says MIT's David D. Clark. Read more

nwc.securitypipeline.com:
Survivor's Guide to 2006: Security. Read more

csrc.nist.gov:
Wireless Network Security. 802.11, Bluetooth and Handheld Devices. Read more

www.wormblog.com:
Dasher Analysis and Thoughts. Read more

edition.cnn.com:
Hacking the hackers. Watch

www.informit.com:
From a Distance: Using RealVNC to Control Your PC from Far Away (for Free). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Clean Access Lack of Authentication in Secure Smart Manager Lets Remote Users Deny Service. Read more

securitytracker.com:
Mercury Mail Transport System Buffer Overflow in Mailbox Name Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Citrix Program Neighborhood Client Buffer Overflow in Processing Application Names May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Citrix Program Neighborhood Client Lets Local Users Obtain Cached Passwords. Read more

www.debian.org:
DSA-923-1 dropbear -- buffer overflow. Read more

 

News
news.bbc.co.uk:
Holes found in PC virus defences. Read more

observer.guardian.co.uk:
How Sony became an ugly sister. Read more

news.bbc.co.uk:
Microsoft's vision of the future. Read more

searchsecurity.techtarget.com:
Trio of trouble: Malcode targets Windows, IM users. Read more

www.internetnews.com:
W3C to Workshop Web Security. Read more

www.usatoday.com:
Meth addicts' other habit: Online theft. Read more

. 17 December 2005

Guides, Papers, etc
www.microsoft.com:
Security Management - December 2005. Read more

www.microsoft.com:
ISA Server Port Scan Alerts. Read more

techrepublic.com.com:
Boost IE security by disabling Active Scripting and ActiveX controls. Read more

www.techweb.com:
Regular Patch Schedules "Two-Edged Sword". Read more

www.eweek.com:
Don't Hold Out Hopes For Anti-Rootkit Chips. Read more

www.infosecwriters.com:
Low Cost Technique for Intrusion Detection. Read more

cr.yp.to:
Cache-timing attacks on AES. Read more

www.daemonology.net:
CACHE MISSING FOR FUN AND PROFIT. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ColdFusion MX Sandbox Lets Local Users Bypass CreateObject Restrictions and Obtain Authentication Information. Read more

securitytracker.com:
JRun Server Discloses Source Code to Remote Users and Lets Remote Users Deny Service. Read more

securitytracker.com:
ColdFusion MX Bugs Let Remote Users Bypass Sandbox Restrictions and Attach and E-mail Arbitrary Files. Read more

securitytracker.com:
SSH Tectia Server Host-Based Authentication Error May Let Certain Remote Users Access the Target System. Read more

securitytracker.com:
IBM AIX Buffer Overflow in slocal Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
IBM AIX Buffer Overflow in muxatmd Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
OpenCms Input Validation Error in Login Page in the 'ocUname' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Limbo CMS Input Validation Holes Let Remote Users Include Local Files, Execute SQL Commands, and Execute Arbitrary Code. Read more

securitytracker.com:
Edgewall Trac Input Validation Bug Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Watchfire AppScan Buffer Overflow in Processing HTTP 401 Response Messages Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.emailbattles.com:
Rootkit Guru: The Evil in Sony BMG. Read more

www.websensesecuritylabs.com:
Phishing Alert: Internal Revenue Service. Read more

news.zdnet.com:
Microsoft patch jams up IE. Read more

Microsoft sues resellers over MAPs 'abuse'. Read more

www.networkworld.com:
Trusted chip assures endpoint integrity. Read more

www.clickz.com:
The Deadly Duo: Spam and Viruses, November 2005. Read more

www.theage.com.au:
What's in a (malware) name? Read more

www.vnunet.com:
Christmas worms target Microsoft. Read more

. 16 December 2005

Guides, Papers, etc
blogs.securiteam.com:
The Evil of Silent Patches: Microsoft�s Three-Year-Old Hole. Read more

www.schneier.com:
Crypto-Gram Newsletter. December 15, 2005. Read more

astalavista.com:
The SASSER Event: History and Implications. Read more

astalavista.com:
Indirect Detection of Mass Mailing Worm-Infected PC terminals for Learners. Read more

www.securityfocus.com:
Demystifying Denial-Of-Service attacks, part one. Read more

www.infosecwriters.com:
Footprinting: What is it and How Do You Erase Them. Read more

www.windowsecurity.com:
Access Controls: What is it and how can it be undermined? Read more

files.malwareblog.com:
Symantec Theme Song. Listen

 

Tools:
metasploit.com:
Metasploit 3.0 released. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP-UX TCP/IP Stack May Consume Excessive System Resources When Under IP Fragment Attacks. Read more

securitytracker.com:
IBM WebSphere Input Validation Flaws in Certain Sample Scripts Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ZixForum Input Validation Hole in 'H_ID' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Trend Micro ServerProtect Buffer Overflows and Other Bugs Permit Remote Code Execution, Denial of Service, and File Disclosure. Read more

securitytracker.com:
Trend Micro PC-cillin Unsafe File Permissions Let Local Users Obtain Elevated Privileges. Read more

www.cybsec.com:
Watchfire AppScan QA Remote Code Execution. Read more

 

News
www.theregister.co.uk:
Dasher worm targets October Windows vuln. Read more

www.esecurityplanet.com:
Security Researcher: Rootkits Common for Spyware. Read more

news.bbc.co.uk:
Hackers fuel Peru-Chile rivalry. Read more

searchsecurity.techtarget.com:
Roundup: 2005's 'curious malicious code'. Read more

www.eweek.com:
Anti-spyware Battles Rootkits with Rootkit Tactics. Read more

news.com.com:
Microsoft security zaps laptop tracer. Read more

www.pcworld.com:
Security Breach Exposes Credit Cards. Read more

www.scmagazine.com:
Study: employees leak secrets. Read more

www.washingtonpost.com:
Google Trying to Make Music Searches Smoother. Read more

www.vnunet.com:
Dutch hacking group cracks Xbox 360. Read more

. 15 December 2005

Guides, Papers, etc
www.twitchguru.com:
Confessions of an Honest Cracker. Read more

users.ece.gatech.edu:
Spatial-Temporal Modeling of Malware Propagation in Networks. Read more

www.medasys.com:
The IP Smart Spoofing. Read more

www.msnbc.msn.com:
Let�s see some ID, please. The end of anonymity on the Internet? Read more

www.eweek.com:
Where Do You Put Your Security Dollars? Read more

 

Tools:
www.securityfocus.com:
Free, full-featured, still available -- choose any two. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability. Read more

www.idefense.com:
Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure. Read more

www.idefense.com:
Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability. Read more

www.idefense.com:
Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow. Read more

www.debian.org:
DSA-922-1 kernel-source-2.6.8 -- several vulnerabilities. Read more

www.debian.org:
DSA-921-1 kernel-source-2.4.27 -- several vulnerabilities. Read more

www.debian.org:
DSA-920-1 ethereal -- buffer overflow. Read more

securitytracker.com:
Apple QuickTime Unspecified Heap Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BusinessObjects Web Intelligence Lets Remote Users Lock Out Arbitrary Accounts. Read more

securitytracker.com:
toendaCMS Input Validation Hole in 'id' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Opera Browser May Let Remote Users Obfuscate the Download Dialog Box. Read more

securitytracker.com:
PHP Support Tickets Input Validation Holes Let Remote Users Inject SQL Commands and Bypass Authentication. Read more

securitytracker.com:
Envolution Input Validation Holes in News Module Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Internet Explorer Bug in Using HTTPS Proxies May Disclose Web URLs to Remote Users. Read more

securitytracker.com:
Microsoft Windows Internet Explorer May Let Remote Users Obfuscate the Download Dialog Box. Read more

securitytracker.com:
Microsoft Internet Explorer Bug in Instantiating COM Objects May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges. Read more

 

News
today.reuters.co.uk:
EU parliament adopts anti-terrorism data rules. Read more

www.tmcnet.com:
Experts Gather in Oman for Global Forum on Internet Security. Read more

www.theregister.co.uk:
Cybercrims target Xmas shoppers. Read more

australianit.news.com.au:
Hacking 'illegal', says China. Read more

www.websensesecuritylabs.com:
Malicious Website / Malicious Code: Chinese Government website hosting Trojan Keylogger. Read more

www.theregister.co.uk:
MS releases IE �berpatch. Read more

news.zdnet.com:
Microsoft security zaps laptop tracer. Read more

www.theregister.co.uk:
Dutch piracy link site returns. Read more

www.communications-news.com:
SECURITY PROFESSIONALS WELL-PAID AND IN INCREASING DEMAND. Read more

abcnews.go.com:
New Virus Marks New Strategy. Read more

www.usdoj.gov:
Plano Man Convicted of Computer Sabotage. Read more

www.securityfocus.com:
Diebold troubled by e-voting security. Read more

www.theregister.co.uk:
UK shopkeepers beating online fraud. Read more

news.bbc.co.uk:
Xbox 360 copy protection cracks. Read more

. 14 December 2005

Guides, Papers, etc
www.emailbattles.com:
Rootkit Guru: Win 9x/ME Are Hopeless. Read more

redtape.msnbc.com:
A PC CAN BE A RISKY GIFT. Read more

www.windowsecurity.com:
Will upgrading to 64 Bit Windows make you More Secure? Read more

www.informationweek.com:
Don't Overlook Internal E-Mail Monitoring. Read more

www.eeye.com:
Generic Anti-Exploitation Technology for Windows. Read more

www.thetechzone.com:
Cracking Passwords. Read more

 

Tools:
www.securityfocus.com:
Nessus 3 released, remains free. Read more

 

Vulnerabilities & Exploits
secunia.com:
Internet Explorer Suppressed "Download Dialog" Vulnerability. Read more

securitytracker.com:
Flash Media Server Lets Remote Users Deny Service. Read more

securitytracker.com:
phpCOIN Include File Bug in 'coin_includes/db.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Imoel CMS Discloses SQL Password to Remote Users. Read more

securitytracker.com:
SCO UnixWare uidadmin '-S' Buffer Overflow Lets Local Users Gain Root Privileges. Read more

 

News
Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915). Read more

blogs.washingtonpost.com:
Microsoft Patches Critical Browser Flaw.
IE patch also removes a component left behind by a patch from Sony BMG designed to remove some of the more dangerous features of anti-piracy software installed by Sony BMG music CDs. Read more

www.securityfocus.com:
Microsoft fixes five flaws. Read more

www.it-observer.com:
ISF Report Warns of New VoIP Security Threats. Read more

www.scmagazine.com:
End of 2005 sees virus count rise with �alarming force�. Read more

www.techworld.com:
Found a security hole? It could be worth $2,000. Read more

www.theregister.co.uk:
Sony BMG shortlisted for 'internet villain' gong. Read more

www.rollingstone.com:
Copy-Protection Troubles Grow. Read more

www.techworld.com:
eEye enters anti-virus market. Read more

www.theregister.co.uk:
Hackers topple Kremlin-sponsored broadcaster. Read more

www.computerworld.com:
Update: Security breach at Sam's Club exposes credit card data. Read more

www.tmcnet.com:
MS Ignores Plea for Window 98 Security Patches. Read more

www.theregister.co.uk:
ID fraudsters target job centre staff. Read more

www.theregister.co.uk:
MSN and MCI do VoIP. Read more

www.theregister.co.uk:
Virtual war is worrying. Read more

. 13 December 2005

Guides, Papers, etc
www.sysinternals.com:
Circumventing Group Policy as a Limited User. Read more

www.informit.com:
Who owns an exploit? Read more

today.reuters.com:
Fears over identity theft overblown: US study. Read more

www.mcpressonline.com:
Building a Better Virus Trap. Read more

www.securityfocus.com:
Users inundated with pop-ups. Read more

www.wired.com:
The Firefox Hacks You Must Have. Read more

www.rootkit.com:
The Tamper Proof Container, Rootkits, and the Sony Rant. Read more

cnscenter.future.co.kr:
Computer Parasitology. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Nortel SSL VPN Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting and Command Execution Attacks. Read more

securitytracker.com:
Apani Networks EpiForce IPSec IKE Processing Lets Remote Users Deny Service. Read more

securitytracker.com:
FlatNuke 'read' Module Discloses Authentication Credentials to Remote Users. Read more

securitytracker.com:
Torrential 'getdox.php' Input Validation Bugs Disclose Files on the Target System and Permit Cross-Site Scripting Attacks. Read more

www.idefense.com:
SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability. Read more

www.debian.org:
DSA-919-1 curl -- buffer overflow. Read more

 

News
www.boingboing.net:
Privacy implications of Microsoft's Windows Live Local. Read more

www.2-spyware.com:
Beware of malicious e-greetings and fraudulent seasonal e-mails. Read more

www.smh.com.au:
Hacker knocks TV channel off air. Read more

www.securityfocus.com:
New SSL certificates coming. Read more

news.bbc.co.uk:
Sony BMG repents over CD debacle. Read more

news.bbc.co.uk:
Malicious worm that talks back. Read more

www.securityfocus.com:
SANS looks to security by degrees. Read more

news.bbc.co.uk:
Online anti-piracy service closes. Read more

www.theregister.co.uk:
Small security bug in Firefox, users unscathed. Read more

www.technewsworld.com:
'Tis the Season for Holiday Spamming. Read more

www.betanews.com:
Woman Loses Appeal Against RIAA. Read more

www.betanews.com:
Music Industry to Attack Lyric, Tab Sites. Read more

. 12 December 2005

Guides, Papers, etc
www.infectionvectors.com:
Agobot and the .Kit.chen Sink. Read more

astalavista.com:
Bots and Botnets : Risks, Issues and Prevention. Read more

blogs.securiteam.com:
On �Responsible Disclosure�: Stripping the Veil From Corporate Censorship. Read more

astalavista.com:
Anti-Malware Tools: Intrusion Detection Systems. Read more

www.eweek.com:
Post-New Year's Sobriety, Guaranteed. Read more

www.yubanet.com:
Clarkson University Engineer Outwits High-Tech Fingerprint Fraud. Read more

www-128.ibm.com:
Mastering Ajax, Part 1: Introduction to Ajax. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Ethereal Buffer Overflow in OSPF Dissector dissect_ospf_v3_address_prefix() Function May Permit Remote Code Execution. Read more

securitytracker.com:
HP Secure Web Server for Tru64 UNIX XMLRPC Bug Lets Remote Users Execute Arbitrary PHP Code. Read more

securitytracker.com:
Website Baker Username Input Validation Error Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
DRZES HMS Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

 

News
www.eweek.com:
Vista Stakes Its Future on Security. Read more

english.yna.co.kr:
S. Korea unveils steps against hacking of online game items. Read more

www.vnunet.com:
Zero day Excel hacker takes on ebay. Read more

www.newsfactor.com:
New Virus Spreads by Chatting with You. Read more

fraudwar.blogspot.com:
Should We Consider Nazis Potential Terrorists? Read more

msnbc.msn.com:
Users confuse search results and ads. Read more

www.technewsworld.com:
Attention, Online Shoppers: Be Wary. Read more

www.networkworld.com:
Airport passcodes leaked from virus-infected PC. Read more

www.betanews.com:
P2P Flooder Overpeer Ceases Operation. Read more

www.eweek.com:
Flash Memory: Today the iPod, Tomorrow the World? Read more

. 10 December 2005

Guides, Papers, etc
www.zdnet.com.au:
To catch a spy: Anti-spyware tools reviewed. Read more

www.securitypipeline.com:
Anti-Virus Vendors Struggle To Keep Up With Attacks. Read more

reviews.cnet.com:
Your antivirus software has B.O. Read more

www.vnunet.com:
Lock down your USB ports. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
PerlCal Input Validation Error in 'p0' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sun Solaris Sun Update Connection Services May Disclose Web Proxy Password to Local Users. Read more

securitytracker.com:
[Vendor Disputes Claim] Mozilla Firefox Buffer Overflow in Loading 'history.dat' Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
Sober reality set to strike again. Read more

www.theregister.co.uk:
Microsoft tackles pirate software firm. Read more

www.securityfocus.com:
eBay pulls vulnerability auction. Read more

www.theregister.co.uk:
Click fraud suit changes hand. Read more

techrepublic.com.com:
Is Sony's rootkit just the tip of the iceberg? Read more

www.theregister.co.uk:
SonyBMG backtracks on buggy bug fix. Read more

www.freedom-to-tinker.com:
CD Copy Protection: The Road to Spyware. Read more

news.bbc.co.uk:
Sony BMG repents over CD debacle. Read more

software.silicon.com:
Hackers steal details of 2,000 charity donors. Read more

www.internetnews.com:
Do Hackers Look Before They Leap? Read more

www.techweb.com:
eBay Yanks Listing For Excel Bug. Read more

www.theinquirer.net:
Symantec to sell Norton as a service. Read more

www.theregister.co.uk:
Mobile WiMax spec becomes a standard. Read more

msnbc.msn.com:
Think your PC is safe online? Think again. Read more

news.bbc.co.uk:
The Big Poker Gamble. Read more

. 09 December 2005

Guides, Papers, etc
www.securitypipeline.com:
Rootkits Making More Spyware, Adware Stick. Read more

www.f-secure.com:
How Sober activates. Read more

www.csoonline.com:
How to Prevent and Detect Fraud. Read more

www.eweek.com:
By Larry Seltzer. Post-New Year's Sobriety, Guaranteed. Read more

www.windowsecurity.com:
Biometrics and You. Read more

www-128.ibm.com:
The future of HTML, Part 1: WHATWG. Read more

www.net-security.org:
The Unspoken Taboo � The Never Expiring Password. Read more

 

Tools:
fileforum.betanews.com:
RootkitRevealer 1.60. Read more

www.insecure.org:
Diet Nmap v3.95 Released. Read more

 

Vulnerabilities & Exploits
www.eff.org:
Media Max Access Control Vulnerability. Read more

www.debian.org:
DSA-918-1 osh -- programming error. Read more

www.debian.org:
DSA-917-1 courier -- programming error. Read more

securitytracker.com:
Sony Music CD (SunnComm Media Max) Unsafe Permissions Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Check Point VPN-1 SecureClient Lets Local Users Bypass Security Policy. Read more

securitytracker.com:
Dell TrueMobile 2300 Wireless Router Lets Remote Users Reset the Authentication Credentials. Read more

securitytracker.com:
KDE KOffice kpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SimpleBBS Input Validation Hole in 'name' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Sugar Suite Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM AIX umountall Absolute Path Bug Has Unspecified Impact. Read more

securitytracker.com:
HP-UX IPSec ESP Bug May Grant Access to Remote Users. Read more

securitytracker.com:
HP-UX IPSec Bug May Grant Access to Remote Users. Read more

 

News
www.scmagazine.com:
New attacks target small U.S. banks. Read more

www.thisismoney.co.uk:
The ignorant online fraud. Read more

www.securityfocus.com:
Significant fraction of online domains falsely registered. Read more

software.silicon.com:
Microsoft preps two-for-one security special. Read more

www.pcworld.com:
Intel Working on Rootkit Detection Techniques. Read more

zdnet.com.au:
Sober code cracked. Read more

software.silicon.com:
More flaws: Sony's latest patch comes unstuck. Read more

news.bbc.co.uk:
Anti-piracy CD problems vex Sony. Read more

searchsecurity.techtarget.com:
Fighting adware with� adware. Read more

www.securityfocus.com:
Consumers improving security, but gaps remain. Read more

www.technewsworld.com:
AOL Reports Imperiled User Security. Read more

www.theregister.co.uk:
Sober worm plans 5 January attack. Read more

www.theregister.co.uk:
Yahoo! targets! Skype! with! improved! VoIP! offer! Read more

software.silicon.com:
DoS attack risk for Firefox 1.5 users. Read more

www.pcmag.com:
Target: Firefox? Read more

today.reuters.com:
Study says 1 in 4 targets of e-mail phishing scams. Read more

www.macnn.com:
GoDaddy services unavailable to Safari users. Read more

. 08 December 2005

Guides, Papers, etc
www.f-secure.com:
F-Secure's Data Security Summary for 2005 is available in PDF. Part 1 Part 2

www.staysafeonline.org:
One in Four Computer Users Hit by Phishing Attempts Each Month, According to Major In-Home Computer Safety Study. Read more

www.eweek.com:
Where are Rootkits Coming From? Read more

www.security-assessment.com:
Exploiting Freelist[0] On Windows XP Service Pack 2. Read more

www.security-assessment.com:
Bugger The Debugger - Pre Interaction Debugger Code Execution. Read more

www.seomoz.org:
Beginner's Guide to Search Engine Optimization. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP-UX IPSec ESP Bug May Grant Access to Remote Users. Read more

securitytracker.com:
HP-UX IPSec Bug May Grant Access to Remote Users. Read more

securitytracker.com:
Ipswitch IMail Server IMAP LIST Command Bug Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Ipswitch Collaboration Suite SMTP Command Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ASP Resources Forum Input Validation Flaws in 'forum.asp', 'register.asp', and 'search.asp' Permit SQL Injection Attacks. Read more

securitytracker.com:
Horde Internet Messaging Program (IMP) Lets Remote Users Conduct Cross-Site Scripting Attacks Using Special Character Encoding. Read more

securitytracker.com:
MultiVOIP Buffer Overflow in Processing INVITE Packet May Let Remote Users Execute Arbitrary Code. Read more

www.idefense.com:
Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability. Read more

www.debian.org:
DSA-916-1 inkscape -- buffer overflow. Read more

 

News
www.idefense.com:
iDefense Exposes Sober Worm Variant Timed with Nazi Party�s 87th Anniversary. Read more

www.varbusiness.com:
Symantec Warns of '06 Security Threat. Read more

www.freedom-to-tinker.com:
MediaMax Bug Found; Patch Issued; Patch Suffers from Same Bug. Read more

news.zdnet.co.uk:
EFF lifts curtain on new act of Sony DRM farce. Read more

www.wired.com:
Music Man Cracks DRM Schemes. Read more

www.emailbattles.com:
Rootkitters Lay in Wait for Vista 2006. Read more

www.techworld.com:
Security experts criticise malware list. Read more

www.securityfocus.com:
Trusting software. Read more

today.reuters.co.uk:
Yahoo undercuts Skype on voice call rates. Read more

www.betanews.com:
MS to Lock Down Security Zones in IE7. Read more

www.securityfocus.com:
Consumers improving security, but gaps remain. Read more

www.securityfocus.com:
Simple DoS for Firefox 1.5. Read more

www.theregister.co.uk:
Microsoft vows to fight South Korean antitrust ruling. Read more

. 07 December 2005

Guides, Papers, etc
www.gi-ev.de:
International Conference on IT-Incident Management & IT-Forensics. Read more

www.theregister.co.uk:
Anatomy of a failed virus attack. Read more

monitor.auckland.ac.nz:
New Mail System Detection Statistics. Read more

astalavista.com:
Botnets as a Vehicle for Online Crime. Read more

fettig.net:
How to make XmlHttpRequest calls to another server in your domain. Read more

www.isecpartners.com:
Cross�Site�Reference�Forgery�An�introduction�to�a�common�web�application�weakness. Read more

ha.ckers.org:
XSS cheat sheet Esp: for filter evasion. Read more

www.windowsecurity.com:
Protect your network from rogue users. Read more

 

Vulnerabilities & Exploits
www.eff.org:
SunnComm Makes Security Update Available To Address Recently Discovered Vulnerability On Its MediaMax Version 5 Content Protection Software, Which Is Included On Certain SONY BMG CDs. Read more

www.hacker.co.il:
Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information. Read more

securitytracker.com:
Sun Java System Messaging Server May Disclose Top-Level Administrator Password to Remote Users. Read more

securitytracker.com:
Sun Java System Application Server Reverse SSL Proxy Permits Man-in-the-Middle Attacks. Read more

securitytracker.com:
Total Commander Weak Encryption Algorithm Lets Local Users Obtain FTP Passwords. Read more

securitytracker.com:
Blog System Input Validation Holes Permit SQL Injection. Read more

securitytracker.com:
Xpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code. Read more

 

News
www.eweek.com:
Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes. Read more

www.securityfocus.com:
MSBlast infected more than 25 million. Read more

www.securityfocus.com:
Bots doing the mambo. Read more

news.com.com:
New IM worm chats with intended victims. Read more

wired-vig.wired.com:
Firm Allegedly Hiding Cisco Bugs. Read more

www.eff.org:
Another Sony-BMG Security Vulnerability Discovered. Read more

www.theregister.co.uk:
EFF volunteers to lose important suit over Sony 'rootkit'. Read more

www.networklifemag.com:
Malware and rootkits team up for mayhem. Read more

www.vnunet.com:
November breaks all malware records. Read more

news.zdnet.co.uk:
McAfee: We can compete with Microsoft. Read more

news.zdnet.co.uk:
Sophos: Gates will be proved wrong about spam. Read more

www.vnunet.com:
Arabic news station hit by phishing attack. Read more

msnbc.msn.com:
Kazaa accused of flouting court order. Read more

www.channelregister.co.uk:
eBay UK takes down pirate software sales. Read more

. 06 December 2005

Guides, Papers, etc
blogs.securiteam.com:
On �Responsible Disclosure�: Stripping the Veil From Corporate Censorship. Read more

www.infosyssec.com:
The 2005 Christmas Security Girls. Read more

www.securitypronews.com:
Security Fluff: Hottest Ladies In Security. Read more

www.fepproject.org:
WILL FAIR USE SURVIVE? Free Expression in the Age of Copyright Control. Read more

www.eweek.com:
By Larry Seltzer. Is a New Vulnerability the Tip of the Perl Iceberg? Read more

www.eweek.com:
Two Years Later, Blaster Worm Still Squirming. Read more

www.f-secure.com:
Old skool virus fighting. Read more

channel9.msdn.com:
Video: Chris St.Amand and Jeff Stucky - Debugging Microsoft.com. Read more

abclocal.go.com:
Protect Yourself From Wi-Fi Hackers. Read more

itmanagement.earthweb.com:
Wireless Hackers 101. Read more

antivirus.about.com:
Don't Care for Windows OneCare. Read more

www.vnunet.com:
Virus honey-pots to immunise the web. Read more

www.redherring.com:
Video Game Ads Sway Users. Read more

 

Tools:
taosecurity.blogspot.com:
Tools Used in USENIX Day One Class. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
DoceboLMS 'connector.php' Bugs Let Remote Users View Directory Contents and Upload and Execute Arbitrary PHP Code. Read more

www.infohacking.com:
- Cisco IOS HTTP Server code injection vulnerability-Read more

www.infohacking.com:
- IE file downloading security warnings bypass - Read more

 

News
www.theregister.co.uk:
Bush administration control will cause net to split. Read more

www.freedom-to-tinker.com:
Hidden Feature in Sony DRM Uses Open Source Code to Add Apple DRM. Read more

www.boingboing.net:
Sony rootkit ripped off anti-DRM code to break into iTunes. Read more

www.theinquirer.net:
First wave of trojans washes over unpatched IE. Read more

www.scmagazine.com:
Sober now one in 13 emails. Read more

wildcat.arizona.edu:
The cold war on computers. Read more

www.biosmagazine.co.uk:
Be Warned Christmas MP3 Boom Brings Big Security Risks. Read more

www.computerworld.com:
Diebold faces e-voting machine hack test in California. Read more

www.businessweek.com:
For Sony, a Pain in the Image. Read more

news.com.com:
Cisco to enable advanced wireless services. Read more

www.betanews.com:
Microsoft Sued for Xbox 360 Problems. Read more

. 05 December 2005

Guides, Papers, etc
www.zdnet.com.au:
Inside Vista's Security Center. Read more

www.dsv.su.se:
Deficiencies in Current Software Protection Mechanisms and Alternatives for Securing Computer Integrity. Read more

www.cs.nott.ac.uk:
Cooperative Automated worm Response and Detection ImmuNe ALgorithm(CARDINAL) inspired by T-cell Immunity and Tolerance. Read more

www.infectionvectors.com:
Holiday Scheming. Read more

www.infectionvectors.com:
The Brains Behind the Operation. Read more

 

Vulnerabilities & Exploits
secway.org:
WinEggDropShell Multiple Remote Stack Overflow. Read more

securitytracker.com:
Help Desk 'install.php' Script Grants Remote Users Administrative Access. Read more

securitytracker.com:
Zen Cart Input Validation Hole in 'password_forgotten.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Citrix NFuse Elite Input Validation Flaw in Login Pages Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Citrix MetaFrame Secure Access Manager Input Validation Flaw in Login Pages Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Open Motif Buffer Overflows in diag_issue_diagnostic() and open_source_file() May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
Edgewall Trac Input Validation Flaw in 'group' Parameter Permits SQL Injection. Read more

securitytracker.com:
FreeWebStat Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHPX Input Validation Hole in 'auth.inc.php' Lets Remote Users Inject SQL Commands to Bypass Authentication. Read more

 

News
news.zdnet.co.uk:
Sober worm clogs Hotmail connections. Read more

www.msnbc.msn.com:
Cyber criminals gather on forgotten Web sites. Read more

www.heraldsun.news.com.au:
Google under attack on ads. Read more

www.usatoday.com:
Sony closes in on new program to cleanse PCs. Read more

www.theregister.co.uk:
Netgear admits wireless speed claims are misleading. Read more

www.theregister.co.uk:
Intellectual property rights to be reviewed in UK. Read more

www.computerworld.com.au:
Sony rootkit: A black eye for security vendors? Read more

www.infoworld.com:
Gmail virus scanning draws some user complaints. Read more

www.informationweek.com:
Security's Shaky State. Read more

news.com.com:
SNARFing your way through e-mail. Read more

www.iht.com:
New form of hacking raises alarms. Read more

. 03 December 2005

Guides, Papers, etc
fraudwar.blogspot.com:
Fraud, Phishing and Financial Misdeeds. Read more

www.nature.com:
How to immunize your computer. Read more

www.cs.berkeley.edu:
A Two-Layer Approach for Novel Email Worm Detection. Read more

 

Tools:
www.xray-ids.com:
The XRAY-IDS is the first Intrusion Detection System only for the Windows Operating System. Read more

 

Vulnerabilities & Exploits
www.hacker.co.il:
Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information. Read more

www.debian.org:
DSA-915-1 helix-player -- buffer overflow. Read more

www.debian.org:
DSA-914-1 horde2 -- missing input sanitising. Read more

www.debian.org:
DSA-913-1 gdk-pixbuf -- several vulnerabilities. Read more

 

News
news.com.com:
Sober worm stalls MSN, Hotmail. Read more

news.com.com:
Microsoft tweaks browser to avoid liability. Read more

www.securityfocus.com:
Federal flaw database commits to grading system. Read more

www.securityfocus.com:
IRS warns of phishing scam. Read more

www.theregister.co.uk:
Phishing with Google Desktop. Read more

www.theregister.co.uk:
Anti-virus scanner added to Google Gmail. Read more

www.macworld.com:
Gmail virus scanning draws some user complaints. Read more

www.mail-archive.com:
from the bad idea department. Read more

www.news24.com:
Hacker gets seven years. Read more

www.technewsworld.com:
Rooting Out Spyware: Sony's Lesson. Read more

www.businessweek.com:
For Sony, a Pain in the Image. Read more

www.computerworld.com:
Gartner: 2005 hurricanes prompt more companies to store data off-site. Read more

. 02 December 2005

Guides, Papers, etc
www.microsoft.com:
Win32/Blaster: A Case Study From Microsoft's Perspective. Read more

www.microsoft.com:
Defeating Polymorphism: Beyond Emulation White Paper. Read more

www.sysinternals.com:
Premature Victory Declaration? Read more

wired-vig.wired.com:
Don't Call It Spyware. Read more

www.cs.wfu.edu:
Malware Defense Using Network Security Authentication. Read more

www.mitretek.org:
Analytically Modeling Worm Attacks in Internet Protocol Networks. Read more

bnrg.cs.berkeley.edu:
Protocol-Independent Adaptive Replay of Application Dialog. Read more

www.crypto.com:
Signaling Vulnerabilities in Wiretapping Systems. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PHP mb_send_mail() May Let Users Inject SMTP Headers. Read more

securitytracker.com:
Panda Antivirus Heap Overflow in Processing ZOO Archives May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple Safari WebKit Buffer Overflow May Let Remote Users Execute Arbitrary Code and Other Bugs May Permit JavaScript Dialog Box Spoofing and File Download Location Modification. Read more

securitytracker.com:
Mac OS X syslog May Let Local Users Forge Log Entries. Read more

securitytracker.com:
Mac OS X passwordserver May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mac OS X iodbcadmintool Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mac OS X CoreFoundation Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
pcAnywhere Pre-Authentication Buffer Overflow Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco Security Agent Lets Local Users Execute Applications With Elevated Privileges. Read more

securitytracker.com:
Sun Java Runtime Environment (JRE) Unspecified Bug Lets Applets Gain Elevated Privileges. Read more

securitytracker.com:
Sun Java Runtime Environment (JRE) JMX Bug Lets Applets Gain Elevated Privileges. Read more

securitytracker.com:
Sun Java Runtime Environment (JRE) Reflection API Bugs Let Applets Gain Elevated Privileges. Read more

securitytracker.com:
GuppY Input Validation Flaw in 'error.php' Lets Remote Users Execute Arbitrary Code. Read more

www.adrianpv.com:
Google Talk Beta Messenger cleartext credentials in process memory. Read more

www.ush.it:
Free Web Stat Multiple XSS Vulnerabilities. Read more

www.debian.org:
DSA-911-1 gtk+2.0 -- several vulnerabilities. Read more

www.ush.it:
Multiple Vulnerabilities in WebCalendar. Read more

 

News
www.theregister.co.uk:
Trojan exploits unpatched IE flaw. Read more

www.theregister.co.uk:
Zone Labs sued over spyware classification. Read more

www.techworld.com:
Yet more Microsoft attacks. Read more

www.theregister.co.uk:
ICANN kills .xxx porn domain. Read more

spamkings.oreilly.com:
Blacklist stats suggest anti-spam progress. Read more

www.computing.co.uk:
Microsoft launches anti-virus service. Read more

in.today.reuters.com:
INTERVIEW - Cybercrime yields more cash than drugs - expert. Read more

www.theregister.co.uk:
Skype does video VoIP. Read more

news.bbc.co.uk:
Rush expected on EU domain name. Read more

www.eweek.com:
Podcast Hijacked, Held for Ransom. Read more


Copyright� MegaSecurity.org