Home    News Archive    Translate Traducen
News December 2006
31 December 2006

Guides, Papers, etc
www.f-secure.com:
First MMS exploit for phones has been released. Read more

isc.sans.org:
Postcard.exe - Let the mutations begin. Read more

www.symantec.com:
Me Code Write Good: The l33t Skillz of the Virus Writer. Read more

www.linklogger.com:
Capture, care and analysis of Malware made easy. Read more

www.computerworld.com:
Finding software security flaws. Read more

www.informationweek.com:
Microsoft: Vista's Secure, Not Perfect. Read more

www.techworld.com:
Wireless security starts with drivers. Read more

www.techworld.com:
CIO study finds Linux ready for prime-time. Read more

www.symantec.com:
Information Security in an Increasingly Collaborative World. Read more

cryptome.org:
The Futility of Digital Copy Prevention. Read more

 

Vulnerabilities & Exploits
www.geekzone.co.nz:
MMS exploit in the wild for Windows Mobile devices. Read more

securitytracker.com:
Total Commander Buffer Overflow in iso_wincmd Plugin Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EasyNews PRO Discloses Password to Remote Users. Read more

securitytracker.com:
Durian Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.eetimes.com:
2006 declared 'Year of the Zombies'. Read more

www.slipperybrick.com:
GMail Users Reporting Mass Deletions. Read more

news.com.com:
Virtual reality to get its own network? Read more

www.technologyreview.com:
Plastic Sheet of Power. Printing flexible electronics on plastic provides a way to wirelessly power gadgets. Read more

. 30 December 2006

Guides, Papers, etc
www.technewsworld.com:
Predicting the Top Security Threats for 2007. Read more

www.darkreading.com:
2007: Trouble Ahead. Read more

blogs.securiteam.com:
Postcard.exe - be aware! Read more

blogs.securiteam.com:
Database errors - real life of security vendors too. Read more

www.viruslist.com:
Like clockwork. Read more

www.darkreading.com:
Resolved to Hack. Read more

msmvps.com:
The reminder of security. Read more

www.newsfactor.com:
Microsoft Looks Beyond Vista Bugs. Read more

aolradio.podcast.aol.com:
Audio: Security Now 72: Your Questions, Steve's Answers 14. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
AIDeX WebServer Lets Remote Users Deny Service By Sending Multiple Requests. Read more

 

Tools:
www.f-secure.com:
BlackLight Beta for Windows Vista and Windows 2003 Server x64. Read more

www.dailytech.com:
New Samsung Fuel Cell Dock Powers Laptop for a Full Month. Read more

 

News
economictimes.indiatimes.com:
Beware that anti-virus software. Read more

searchengineland.com:
Of Disappearing Sex Blogs & Google Updates. Read more

www.wired.com:
Computer Warming a Privacy Risk. Read more

www.securityfocus.com:
OneDOJ stokes privacy fears. Read more

. 29 December 2006

Guides, Papers, etc
www.f-secure.com:
More malicious New Year postcards. Read more

isc.sans.org:
Pain reliever with serious side effects (NEW). Read more

www.symantec.com:
Rustock: Deep Dive. Read more

blog.info-pull.com:
Flawed antivirus products. Read more

www.technewsworld.com:
Vista and the Future of OS Security, Part 2. Read more

www.theregister.co.uk:
Vista's Suicide Bomb: who gets hurt? Read more

www.darkreading.com:
Voice Cracks. Read more

www.infoworld.com:
New year's resolution No. 1: Get OpenBSD. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Windows Client-Server Run-time Subsystem NtRaiseHardError Discloses Memory to Local Users. Read more

securitytracker.com:
KSirc Client PRIVMSG Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Limbo CMS Event Calendar Module Include File Bug in 'eventcal/mod_eventcal.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cacti 'cmd.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
ELOG Configuration File Parsing NULL Pointer Dereference Lets Remote Users Deny Service. Read more

securitytracker.com:
PHP iCalendar Input Validation Holes in 'cpath' and 'getdate' Parameters Permit Cross-Site Scripting Attacks. Read more

 

Tools:
www.pctools.com:
PC Tools AntiVirus� 3.1 Free Edition. Read more

www.mcs.vuw.ac.nz:
Snort Rule Permutator released with HoneyC version 1.2.0. Read more

 

News
www.securityfocus.com:
Bot-infected PCs get a refresh. Read more

www.post-gazette.com:
Microsoft ad push is all about you. Read more

www.theregister.co.uk:
MS sees out year with another Vista attack. Read more

www.boston.com:
As deadline nears, banks toughen Net protections. Read more

www.theregister.co.uk:
Stock scammer gets coal for the holidays. Read more

www.darkreading.com:
SEC Exposes Online Fraudster. Read more

popsci.typepad.com:
our Computer is Hot -- And I Know Where You Live. Read more

www.securitypronews.com:
Rootkits Pose Big 2007 Threat. Read more

www.informationweek.com:
Rustock Trojan A Model For Future Threats. Read more

www.informationweek.com:
Brief: Personal Information Showing Up On Google Notebook Search. Read more

www.techtree.co:
India is '06 Hot Spot for Hackers. Read more

news.com.com:
Companies probe possible high-def DVD hack. Read more

www.engadget.com:
AACS DRM cracked by BackupHDDVD tool? Read more

www.betanews.com:
PayPal 'Virtual Debit Card' Beta Seeks to Eliminate ID Theft. Read more

www.terra.net.lb:
Asia Internet slowly comes back online. Read more

www.seacoastonline.com:
Church's old Web domain converted into porn site. Read more

. 28 December 2006

Guides, Papers, etc
www.commtouch.com:
2006 Spam Trends Report: Year of the Zombies. Read more

www.technewsworld.com:
Same Spam, Different Image. Read more

www.esecurityplanet.com:
The Evolution Of Malware Continues. Read more

isc.sans.org:
Christmas Botnet Follow-up. Read more

www.bindshell.net:
:
The Advanced Cross-site Scipting Virus. Read more

www.darkreading.com:
The Six Dirtiest Tricks of 2006. Read more

www.techworld.com:
Vista crippled by content protection. Read more

www.microsoft-watch.co:
Another Vista Activation Crack Appears. Read more

www.computerworld.com.au:
Microsoft WGA says: 'Prove your innocence'. Read more

www.attrition.org:
The Communications Director for Montana's Congressman Denny Rehberg email exchange. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Secure Login Manager Missing Input Validation Permits Cross-Site Scripting Attacks in Certain Cases. Read more

securitytracker.com:
Hosting Controller 'FolderManager.aspx' Lets Remote Authenticated Users View and Modify Files. Read more

securitytracker.com:
pNamazu Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
CMS Made Simple Input Validation Flaw in Comments Module Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
logahead UNU edition WidgEd Plugin Lets Remote Users Upload Files and Execute Arbitrary Code. Read more

securitytracker.com:
PhpbbXtra Include File Bug in 'archive_topic.php' Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.bindshell.net:
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. Read more

www.diehard-software.org:
DieHard helps buggy programs run correctly and protects them from a range of security vulnerabilities. Read more

 

News
www.securityfocus.com:
Bots, breaches and bugs plague 2006. Read more

www.securityfocus.com:
Researcher: AppleScript great for malware. Read more

www.theregister.co.uk:
Congressional aide fired after trying to hire hackers. Read more

www.latimes.com:
FTC gets broader authority to pursue foreign spammers. Read more

ipcommunications.tmcnet.com:
New Computer Program Prevents Crashes And Hacker Attacks. Read more

www.informationweek.com:
Chinese Hackers Launch New Office Attack. Read more

www.tinynibbles.com:
Google clamps down on porn; removes sex-positive sites from search results. Read more

www.playfuls.com:
HD DVD's AACS Protection Bypassed. In Only 8 Days?! Read more

. 27 December 2006

Guides, Papers, etc
www.benedelman.org:
Bad Practices Continue at Zango, Notwithstanding Proposed FTC Settlement and Zango's Claims. Read more

www.f-secure.com:
Happy New Warezov. Read more

blogs.securiteam.com:
CCC report: day 0. Read more

blogs.securiteam.com:
Google debug. Read more

blogs.securiteam.com:
Second Life: Virtual Worlds Botnet Attacks. Read more

blogs.securiteam.com:
Comment spam: iframe usage. Read more

www.darkreading.com:
Postcard from Nigeria. Read more

www.cs.auckland.ac.nz:
A Cost Analysis of Windows Vista Content Protection. Read more

www.pcworld.com:
Lab Tests: Vista's Fast If You Have the Hardware. Read more

www.computerworld.com.au:
Microsoft WGA says: 'Prove your innocence'. Read more

www.betanews.com:
Is Vista Really Bug-Plagued as the NY Times Claims? Read more

shampoo.antville.org:
(somewhat) breaking the same-origin policy by undermining dns-pinning. Read more

www.eweek.com:
Who Are You Surfin? New Ways to Be Cert'in. Read more

www.shoemoney.com:
How Hackers Are Using Google To Pwn Your Site. Read more

www.newsfactor.com:
Is Malware Hiding Behind that Certified Site? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Windows Workstation Service Memory Allocation Error in NetrWkstaUserEnum() Lets Remote Users Deny Service. Read more

securitytracker.com:
w3m Format String Bug in Processing Certificates May Permit Remote Code Execution. Read more

securitytracker.com:
ChatWM Input Validation Flaw in 'login.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
TimberWolf Input Validation Hole in 'shownews.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell NetMail Buffer Overflows in IMAP and NMAP Services Let Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Xmas malware frenzy. Read more

www.chicagotribune.com:
Flaw in Vista operating system could let hacker control PC. Read more

seattletimes.nwsource.com:
Vista security flaws investigated. Read more

www.pcworld.com:
Microsoft Sees Botnets as Top Cyberthreat. Read more

ipcommunications.tmcnet.com:
Online Bank Security Has A Big Hole. Read more

www.theregister.co.uk:
Windows DRM is the 'longest suicide note in history'. Read more

. 23 December 2006

Guides, Papers, etc
blogs.securiteam.com:
Botnets: a retrospective to 2006, and where we are headed in 2007. Read more

www.sciencedirect.com:
Analyzing terror campaigns on the internet: Technical sophistication, content richness, and Web interactivity. Read more

isc.sans.org:
The Snort Top 10 (NEW). Read more

www.eweek.com:
It's Time to Sell Security Services. Read more

www.cs.auckland.ac.nz:
A Cost Analysis of Windows Vista Content Protection. Read more

www.watchguard.com:
A plea for an end to Months of Irresponsible Disclosure. Read more

www.avertlabs.com:
IMs, VoIP and Spam. Read more

www.microsoft-watch.com:
Keep the Grinch Out of Your Network This Holiday. Read more

www.microsoft-watch.com:
Vista Won't End Windows XP Availability. Read more

www.isi.qut.edu.au:
Preliminary Call for Papers Recent Advances in Intrusion Detection 2007 10th International Symposium. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
@Mail Input Validation Holes Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks. Read more

securitytracker.com:
SugarCRM Input Validation Bug in Email Messages Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Http explorer Lets Remote Users Traverse the Directory on the Target System. Read more

securitytracker.com:
RateMe Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.trendmicro.com:
Trend Micro RootkitBuster is a rootkit scanner that offers ability to scan for hidden files, registry entries, processes, drivers and hooked system service. Read more

sqid.rubyforge.org:
SQL injection digger is a command line program that looks for SQL injections and common errors in websites. Read more

 

News
www.vnunet.com:
Microsoft blames Vista insecurity on third-party apps. Read more

www.pegasusnews.com:
Personal data of 15,000 TWU students made vulnerable. Read more

www.boingboing.net:
NPR "Xeni Tech": US losing war of web to terror groups? Read more

www.charleston.net:
Bank says customer data may have been stolen. Read more

www.securityfocus.com:
Stock scammer gets coal for the holidays. Read more

www.securityfocus.com:
Congressional aide punk'd, then fired. Read more

www.canada.com:
Police in Ontario consider YouTube effective crime fighting tool. Read more

www.betanews.com:
Windows Bug Via Message Boxes Gives Security Team Holiday Headaches. Read more

www.theregister.co.uk:
CafePress wilts under DDoS assault. Read more

. 22 December 2006

Guides, Papers, etc
blogs.technet.com:
New report of a Windows vulnerability . Read more

www.viruslist.com:
Google helps phishers. Read more

www.darkreading.com:
Weaker Than You Think. Read more

www.darkreading.com:
Popping the Vista Kernel. Read more

www.avertlabs.com:
PassWord Stealer for the virtual world. Read more

www.computerdefense.org:
Nmap vs SinFp. Read more

www.f-secure.com:
Merry Christmas. Read more

www.scriptingmagic.com:
Clipboard Theft. Read more

www.oreillynet.com:
Using Google to View MySpace or Any Restricted Site. Read more

www.revenews.com:
Now Microsoft Thinks It Invented RSS? Read more

www.itnews.com.au:
Cyber-security new year resolutions for 2007. Read more

www.podtrac.com:
Audio: Security Now 71: Securable. Listen

 

Vulnerabilities & Exploits
isc.sans.org:
PoC for local elevation of privilege on Windows 2000 SP4 upwards (NEW). Read more

blogs.securiteam.com:
Firefox 2.0.0.1 - no fix to Password Manager flaw yet. Read more

securitytracker.com:
Mono Discloses File Source Code to Remote Users. Read more

securitytracker.com:
CA CleverPath Portal May Let Remote Users Access Portal Sessions of Other Users in Certain Cases. Read more

securitytracker.com:
TYPO3 Input Validation Holes in 'rtehtmlarea' Sysext Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.gomor.org:
SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. Read more

www.reghardware.co.uk:
VMware opens Mac virtual machine tech to public. Read more

www.nliteos.com:
nLite is a tool for permanent Windows components removal and pre-installation Windows setup. Read more

 

News
news.com.com:
Judge: Can't link to Webcast if copyright owner objects. Read more

cbs2.com:
USC Hacker Gets 6 Months Of Home Detention. Read more

www.computing.co.uk:
German virus gang jailed. Read more

passivemode.net:
Microsoft Presents Draft of Security Interfaces. Read more

www.securityfocus.com:
Sony BMG settles rootkit lawsuits. Read more

www.securityfocus.com:
Opera adds anti-phishing to browser. Read more

www.theregister.co.uk:
Online criminals threatened with sex offenders' register. Read more

www.techworld.com:
Days of big virus are over. Read more

blogs.ittoolbox.com:
How Not To Hire A Hacker. Read more

www.sfgate.com:
Sex.com: A URL -- All Crime And No Sex. Read more

online.wsj.com:
How Biometric Security Is Far From Foolproof. Read more

. 21 December 2006

Guides, Papers, etc
portal.spidynamics.com:
IE7 - Phishing vs. Privacy. Read more

secdev.zoller.lu:
Microsoft monitors Search queries - SP2. Read more

www.f-secure.com:
Phishing Filters - No Add-ons Required. Read more

www.avien.org:
The New Face of Malware. Stories from the Battlefield. Read more

www.theregister.co.uk:
All I want for Christmas...Read more

www.azureuswiki.com:
Bad ISPs. Here's a list of ISPs (Internet service provider) that are known to cause trouble for BitTorrent clients or P2P in general. Read more

 

Vulnerabilities & Exploits
www.info-svc.com:
CIS Finds Flaws in Firefox v2 Password Manager. Read more

www.info-svc.com:
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip. (POC) Read more

isc.sans.org:
Multiple vulnerabilities in Symantec Veritas NetBackup. Read more

www.frsirt.com:
Mozilla Products Multiple Remote Command Execution and Security Bypass Vulnerabilities. Read more

www.security.nnov.ru:
Microsoft Windows memory corruption. Read more

securitytracker.com
Java Runtime Environment Discloses Applet Information to Remote Users. Read more

securitytracker.com
Java Runtime Environment Serialization Bugs Let Remote Applets Gain Elevated Privileges. Read more

securitytracker.com
Java Runtime Environment Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
fileforum.betanews.com:
AutoIt is a simple tool that can simulate keystokes, mouse movements and window commands (maximize, minimize, wait for, etc.) in order to automate any windows based task (or even windowed DOS tasks). Read more

 

News
www.microsoft.com:
Re-Release: Microsoft Security Bulletin MS06-078. Read more

www.theinquirer.net:
Linking to copyrighted material could get you sued. Read more

www.zdnet.com.au:
Double Skype attack confuses security firms. Read more

www.startribune.com:
Lawsuit challenges government's right to read your e-mail. Read more

www.wired.com:
Media Takes on AT&T in Spy Case. Read more

www.sjgames.com:
Steve Jackson Games v. US Secret Service. Read more

www.ecoustics.com:
Automatic Security-Software Renewals. Be aware of auto-renewal agreements before you sign up. Read more

www.itbinternet.com:
Microsoft Unlikely To Lead Anti-Virus Field Despite Security Enhancements To Vista And OneCare, Says Natalya Kaspersky. Read more

www.securityfocus.com:
Web facial matching stirs privacy worries. Read more

www.cbc.ca:
Image search tool raises privacy concerns. Read more

www.theregister.co.uk:
Hackers call on Skype to spread Trojan. Read more

www.computerworld.com:
Spam: The digital coal in your stocking. Read more

www.platinax.co.uk:
Google Search convicts hacker. Read more

www.theregister.co.uk:
Sysadmin 'tried to boobytrap' drug firm database. Read more

www.theregister.co.uk:
NASA shares space with Google. Read more

www.washingtonpost.com:
Google Book-Scanning Efforts Spark Debate. Read more

. 20 December 2006

Guides, Papers, etc
blogs.securiteam.com:
How Not to Protect Your Customers from Phishing. Read more

blogs.securiteam.com:
My name is Chatosky - I spread with Skype. Read more

www.securityfocus.com:
Password Management Concerns with IE and Firefox, part one. Read more

www.securityfocus.com:
Password Management Concerns with IE and Firefox, part two. Read more

www.darkreading.com:
An Apple (Bug) a Day. Read more

www.viruslist.com:
Who wants to be a money launderer? Read more

www.eweek.com:
SPIT: It's Not Just For Terrell Owens Anymore. Read more

isc.sans.org:
Sun JDK 5.0 Update 10 (NEW). Read more

www.f-secure.com:
Skype Worm. Read more

blogs.ittoolbox.com:
Interview With Whistleblower TripleZ. Read more

www-128.ibm.com:
Crossing borders: JavaScript's language features. Read more

www.eetimes.com:
Are you suffering from 'Mouse Rage Syndrome? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Mozilla Firefox Outer Window Function Object Lets Remote Users Bypass Cross-Site Scripting Protections. Read more

securitytracker.com:
Mozilla Firefox SVG Processing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox May Disclose RSS Feed URLs to Remote Systems. Read more

securitytracker.com:
Mozilla Firefox IMG SRC Tag Can Be Modified to Bypass Cross-Site Scripting Protections. Read more

securitytracker.com:
Mozilla Firefox LiveConnect May Use Freed JavaScript Objects and Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox JavaScript watch() Function Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Memory Corruption in Layout Engine and Javascript Engine May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
GNU tar GNUTYPE_NAMES Record Directory Traversal Flaw May Let Remote Users Overwrite Arbitrary Files. Read more

securitytracker.com:
Mozilla Thunderbird E-mail Header Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey E-mail Header Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey SVG Processing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Thunderbird IMG SRC Tag Can Be Modified to Bypass Cross-Site Scripting Protections. Read more

securitytracker.com:
Mozilla Seamonkey IMG SRC Tag Can Be Modified to Bypass Cross-Site Scripting Protections. Read more

securitytracker.com:
Mozilla Thunderbird LiveConnect May Use Freed JavaScript Objects and Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey LiveConnect May Use Freed JavaScript Objects and Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service. Read more

securitytracker.com:
NeoScale CryptoStor 700 Series Appliance Lets Remote Users Bypass Token-Based Authentication. Read more

securitytracker.com:
QuickTime Quartz Composer Composition Bug Lets Remote Users Obtain Information from the Target User's System. Read more

 

Tools:
www.kishkish.com:
KishKish Lie Detector. Read more

 

News
news.zdnet.co.uk:
Sony forced to pay for rootkit debacle. Read more

www.securityfocus.com:
Month of Apple bugs coming. Read more

pcworld.co.nz:
Microsoft releases APIs for Vista security. Read more

www.securityfocus.com:
Check Point snaps up NFR Security. Read more

www.theregister.co.uk:
Opera adds tech to foil phishers. Read more

www.techworld.com:
Five critical holes patched in Firefox 2.0. Read more

www.internetnews.com:
Mozilla Fixes Firefox Flaws, Misses One. Read more

www.betanews.com:
Purported Skype Worm a False Alarm. Read more

news.zdnet.co.uk:
IT worker arrested over hacking plot. Read more

online.wsj.com:
Software to Spot 'Phishers' Irks Small Concerns. Read more

www.newscientisttech.com:
Face-hunting software will scour web for targets. Read more

www.techtree.com:
Alternative to Google Image Search? Read more

www.terra.net.lb:
Photolurking, blog streaking and cheesepodding: The new Internet addictions. Read more

. 19 December 2006

Guides, Papers, etc
isc.sans.org:
Skype worm (NEW). Read more

isc.sans.org:
ORDB Shutting down (NEW). Read more

www.securityfocus.com:
PHP security under scrutiny. Read more

www.esj.com:
Security: A Look Back and the Year Ahead. Read more

www2.csoonline.com:
Damaging Malware Declining, Older Variants On the Rise. Read more

linuxhelp.blogspot.com:
Various ways of detecting rootkits in GNU/Linux. Read more

www.darkreading.com:
Vulnerability Tools Get Teeth. Read more

www.smh.com.au:
Shields up for summer. Read more

www.internetnews.com:
Real Phishing Tool Probes User Gullibility. Read more

www.darkreading.com:
Phishing Your Own Users. Read more

www.darkreading.com:
Laptop Encryption the Service Way. Read more

www.informit.com:
How Not To Use Cookies. Read more

www.technewsworld.com:
Vista and the Future of OS Security. Read more

ddanchev.blogspot.com:
Phishing Domains Hosting Multiple Phishing Sites. Read more

oedb.org:
The Ultimate Guide to the Invisible Web. Read more

zdpub.vo.llnwd.net:
Audio: Where We Stand, 2007, issues of the day, including net neutrality, the ethics of search practices, data security and open source. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
MailEnable Buffer Overflow in POP3 PASS Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
MANDIANT First Response FRAgent Lets Remote Users Deny Service and Local Users Hijack Connections. Read more

securitytracker.com:
Sambar Server FTP SIZE Command Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Omniture SiteCatalyst Input Validation Hole in Login Page Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
SQL-Ledger Input Validation Flaw in 'login.pl' Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
pandora.sourceforge.net:
Pandora is a monitoring application to watch systems and applications, that allows to know the status of any element of your systems, watch for your hardware, your software, your multilayer system and of course your Operating System. Read more

sourceforge.net:
With SIP Proxy you will have the opportunity to eavesdrop and manipulate SIP traffic. Furthermore, predefined security test cases can be executed to find weak spots in VoIP devices. Read more

arstechnica.com:
Opera 9.1 released, adds real-time phishing protection. Read more

 

News
www.theregister.co.uk:
100m US records exposed by security blunders. Read more

securitywatch.eweek.com:
MS Investigating Vista Zero-Day Exploit Sale. Read more

www.theregister.co.uk:
Yahoo! Messenger! in! security! flap! Read more

news.zdnet.co.uk:
Skype worm spotted. Read more

www.newsnow.co.uk:
ESET NOD32 Wins Virus Bulletin 100% Award Once Again. Read more

www.pcadvisor.co.uk:
$50,000 Vista exploit "for sale". Read more

www.betanews.com:
Firefox Continues to Gain Market Share. Read more

www.itp.net:
Small firms advised to hunt out hackers� help. Read more

ipcommunications.tmcnet.com:
Universities targeted by computer hackers. Read more

www.boston.com:
Iran bloggers test regime's tolerance. Read more

www.wired.com:
Pluggd: A Google for Podcasts. Read more

www.usatoday.com:
Google, NASA finalize imagery, info deal. Read more

. 18 December 2006

Guides, Papers, etc
www.itnews.com.au:
Sturdier botnets mean more spam in 2007. Read more

www.computerworld.com:
Plugging Holes in Antivirus Shield. Read more

technology.timesonline.co.uk:
They're turning me into a zombie. Read more

www.sacbee.com:
Editorial: 'Phishing' and 'vishing'. Read more

isc.sans.org:
Ping floods at multiple sites (NEW). Read more

honeyblog.org:
CWSandbox vs. Banking Spyware. Read more

www.playfuls.com:
More Information on Windows Vista Software Protection Policies. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.bindshell.net:
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. Read more

internetfreedomdisk.blogspot.com:
Internet Freedom Disk. Read more

 

News
www.computerworld.com.au:
Security experts in dangerously short supply. Read more

www.fin24.co.za:
Hackers turn table on Symantec. Read more

www.usatoday.com:
Cybercrooks hold PC data captive. Read more

www.computerworld.com:
Copyright holders sign China piracy agreement. Read more

www.msnbc.msn.com:
Seduced into scams: Online lovers often duped. Read more

www.news.com.au:
Tool to fight internet fraud. Read more

techdirt.com:
Philips The Latest To Try A Magic Bullet Solution To Unauthorized Copying. Read more

news.bbc.co.uk:
ePassports 'at risk' from cloning. Read more

www.informationweek.com:
Microsoft Turns Up The Heat On Windows 2000 Users. Read more

www.boston.com:
'Blogjackings' offer unwelcome surprises. Read more

www.theregister.co.uk:
Microsoft wins UK ruling to ban spam list sales. Read more

cnews.canoe.ca:
Cops use YouTube to solve crimes. Read more

. 16 December 2006

Guides, Papers, etc
www.avertlabs.com:
MS Word Zero-Day Trio. Read more

www.heise-security.co.uk:
The hole trick. How Skype & Co. get round firewalls. Read more

www.f-secure.com:
'Tis the Season ...Read more

www.eweek.com:
Get the NAC in 2007. Read more

www.privacyrights.org:
A Chronology of Data Breaches. Read more

www.it-observer.com:
Non-OS-dependant malware. Read more

www.itnews.com.au:
Fortinet reviews the year's security trends. Read more

www.technologyreview.com:
P2P: From Internet Scourge to Savior. Read more

www.darkreading.com:
'Not Much Resistance at the Door'. Read more

www.darkreading.com:
PHP Security Expert Quits. Read more

www.microsoft-watch.com:
Vista Isn't Windows' Last Destination. Read more

www.microsoft-watch.com:
Vista? Yes, Bother. Read more

www.microsoft-watch.com:
Who's Afraid of a Monster? Read more

www.itnews.com.au:
Patch craze to continue in 2007. Read more

www.networkcomputing.com:
Audio: The Worldwide growth of Spyware and Adware; Detecting and Defeating Rootkits. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Yahoo Messenger Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BitDefender Heap Overflow in Parsing Packed PE Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Project Discloses Database Password to Remote Authenticated Users. Read more

securitytracker.com:
NetBSD libc glob(3) Buffer Overflow May Let Local Users Gain Elevated Privileges or Remote Users Execute Arbitrary Code in Certain Cases. Read more

securitytracker.com:
McAfee VirusScan for Linux Lets Local Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Three Word flaws remain unpatched. Read more

news.zdnet.com:
New 'botworm' exploits Symantec flaw. Read more

stuff.techwhack.com:
EEye Digital Security claims Big Yellow attacking Symantec antivirus protected machines. Read more

news.com.com:
Yahoo's IM update: A trojan horse of surprises. Read more

www.cbc.ca:
Yahoo Messenger flaw opens computers to hijacking. Read more

www.net-security.org:
Machine learning technology to fight image-based spam. Read more

out-law.com:
Microsoft wins ruling to ban spam list sales. Read more

www.redorbit.com:
Hacker Gives Web Users Unexpected Peep Show. Read more

www.securityfocus.com:
Admin jailed 8 years for "logic bomb". Read more

www.theregister.co.uk:
NY Times bans Microsoft analysts from Microsoft stories. Read more

www.cbc.ca:
Gates admits flaws with digital music copy protection. Read more

news.zdnet.com:
Microsoft speeds up phishing shield for IE 7. Read more

www.colorado.edu:
CU-Boulder Reports Security Breach In College Of Arts And Sciences Advising Computer. Read more

. 15 December 2006

Guides, Papers, etc
www.itnews.com.au:
'Rustock' trojan a model for future threats. Read more

blogs.securiteam.com:
These two weeks of Word flaws - can we survive? Read more

support.microsoft.com:
Description of the Wireless Client Update for Windows XP with Service Pack 2. Read more

www.f-secure.com:
Wireless Client Update. Read more

support.microsoft.com:
The computer may respond very slowly as the Phishing Filter evaluates Web page contents in Internet Explorer. Read more

isc.sans.org:
sav worm and its cc (NEW). Read more

www.mcafee.com:
McAfee, Inc. Reports Fewer Qualified Security Experts Puts Businesses at Risk. Read more

www.darkreading.com:
Johnny Cache: Man in Black (Hat). Read more

www.darkreading.com:
Startup Finds Phish in Browsers. Read more

www.eweek.com:
Signature Scanning: 'I'm Not Dead Yet'. Read more

blogs.ittoolbox.com:
Digital Cameras And Divorce. Read more

honeyblog.org:
Botnets, Stock Spam and Other Abuses. Read more

today.reuters.co.uk:
Video: Cyberstalking risks soar. Watch

aolradio.podcast.aol.com:
Audio: Security Now 70: Freenet and TOR. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
ScriptMate User Manager Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Command Injection. Read more

securitytracker.com:
GNOME Display Manager Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
CA Internet Security NULL Buffer Errors in vetfddnt.sys and vetmonnt.sys Drivers Let Local Users Deny Service. Read more

securitytracker.com:
CA Anti-Virus NULL Buffer Errors in vetfddnt.sys and vetmonnt.sys Drivers Let Local Users Deny Service. Read more

securitytracker.com:
IBM Tivoli Identity Manager Discloses JKS Password to Local Users. Read more

securitytracker.com:
Symantec NetBackup Buffer Overflows and Logic Error in bpcd Daemon Let Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Symantec plugs vulnerabilities in NetBackup. Read more

www.regdeveloper.co.uk:
Phishing scams thrive in the UK. Read more

www.wired.com:
Attack of the 'Wiimote' Hacks. Read more

news.zdnet.co.uk:
Microsoft moves to block hybrid Vista. Read more

www.vnunet.com:
Microsoft critical vulnerability boom persists. Read more

www.technewsworld.com:
Reports of Antivirus Death May Be Exaggerated. Read more

www.technewsworld.com:
Philips Unveils Anti-Piracy Tech for Video. Read more

www.regdeveloper.co.uk:
Japan convicts P2P author. Read more

www.itnews.com.au:
Patch craze to continue in 2007. Read more

edition.cnn.com:
Laptop helps man in Germany bust burglar in Brazil. Read more

www.redorbit.com:
Think Before Clicking: Buying Holiday Gifts Online Means Checking Site's Security, Return Policy - and Calendar to Be Sure Santa Shows Up on Time. Read more

. 14 December 2006

Guides, Papers, etc
blogs.securiteam.com:
The AV coverage of 12122006-djtest.doc PoC extremely poor. Read more

arstechnica.com:
Study shows one in twenty-five search results are risky. Read more

blogs.msdn.com:
Windows Vista, ASLR, DEP and OEMs. Read more

isc.sans.org:
Offline Microsoft Patching (NEW). Read more

www.wired.com:
MySpace Passwords Aren't So Dumb. Read more

www.najingad.com:
How to Cheat at Securing a Wireless Network. (pdf). Download

www.insecuremagazine.com:
(IN)SECURE Magazine ISSUE 1.9 (December 2006). Read more

www.darkreading.com:
Startup Finds Phish in Browsers. Read more

ddanchev.blogspot.com:
Top Ten Scams of 2006. Read more

www.avertlabs.com:
So, how does one write mobile spyware? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Integrated Lights Out SSH Key Authentication Flaw Lets Remote Users Access the System. Read more

securitytracker.com:
Novell Modular Authentication Service Format String Flaw Has Unspecified Impact. Read more

securitytracker.com:
Sun Solaris ld.so.1 Bugs Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
BLOG:CMS Include File Bug in 'NP_UserSharing.php' Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.microsoft.com:
Internet Explorer Administration Kit 7. Read more

 

News
www.theregister.co.uk:
Three critical patches star in MS update. Read more

www.eweek.com:
'Logic Bomb' Backfires on Hacker. Read more

www.securityfocus.com:
Nessus flaw scanner groks SCADA. Read more

blog.washingtonpost.com:
Microsoft Tweaks Windows XP Wireless Security. Read more

www.theregister.co.uk:
Webmail hijack ruse leads to blackmail. Read more

www.wired.com:
Spammer Slammer Targets Politics. Read more

www.telegraph.co.uk:
Computers 'could store entire life by 2026'. Read more

. 13 December 2006

Guides, Papers, etc
www.microsoft.com:
Microsoft Security Bulletin Summary for December, 2006. Read more

honeyblog.org:
Monkey-Spider. Monitoring of Malicious Websites. Read more

honeyblog.org:
Efficient Observation of Botnets. Read more

www.darkreading.com:
The Beauty of Bots. Read more

www.eweek.com:
Search Engines Less Risky, but Problems Remain, Study Shows. Read more

www.darkreading.com:
Worms Get Smarter. Read more

www.forbes.com:
Why Spam Won't Go Away. Read more

isc.sans.org:
Microsoft Office 2004 (Mac OS X) update was a accident. (NEW). Read more

www.darkreading.com:
Symantec Adds Crypto to Backup. Read more

www.cisco.com:
Technical Overview: Preventing Worm and Virus Outbreaks with Cisco Self-Defending Networks. Read more

www.avertlabs.com:
Microsoft patches 133 Critical and Important Vulnerabilities in 2006. Read more

www.physorg.com:
How Much Will Windows Security Matter? Read more

www.eweek.com:
Audio: Microsoft Pulled It All Together in Vista RTM. Read more

www.microsoft-watch.com:
Vista Crack Means Big Trouble. Read more

resources.zdnet.co.uk:
10 things you should know about privacy protection and IT. Read more

www.phenoelit.de:
Default Password List. Read more

 

Vulnerabilities & Exploits
www.xdisclose.com:
Orkut Multiple Cross Site Scripting Vulnerabilities. Read more

www.xdisclose.com:
Orkut Group Cross Site Scripting Vulnerability. Read more

www.xdisclose.com:
Orkut Email Address Disclosure Vulnerability. Read more

securitytracker.com:
Microsoft Internet Explorer May Disclose Contents of the Temporary Internet Files Folder to Remote Users. Read more

securitytracker.com:
Microsoft Internet Explorer DHTML and Script Error Handling Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Media Player and Windows Media Format Runtime ASF File Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Media Player ASX Playlist File Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows SNMP Service Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Client-Server Run-time Subsystem Lets Local Users Gain System Privileges. Read more

securitytracker.com:
Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Remote Installation Service TFTP Server Lets Remote Users Overwrite Files to Execute Arbitrary Code. Read more

securitytracker.com:
ShopSite Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

Tools:
www.niksoft.at:
StartDreck (build 2.1.7) enLIGHTs you what windows loads during startup. Download

www.heise-security.co.uk:
DIY Service Pack. Installing Windows updates without an internet connection. Read more

 

News
www.securityfocus.com:
Microsoft patches IE, Windows Media flaws. Read more

news.zdnet.co.uk:
Microsoft plugs Windows Media hole. Read more

blogs.msdn.com:
Don't be fooled by Web fraud this holiday season. Read more

www.securityfocus.com:
UCLA alerts 800,000 to data breach. Read more

www.theregister.co.uk:
Inside a cyber-crook's Xmas wish list. Read more

www.stuff.co.nz:
Teenager ran internet banking scam. Read more

www.smh.com.au:
Teen hacker 'a very clever boy'. Read more

www.zdnet.com.au:
Kaspersky predicts Vista security holes. Read more

www.theregister.co.uk:
Pentagon hacker appeals US extradition. Read more

www.itnews.com.au:
Four million UK users hit by ID theft. Read more

www.cio.in:
Expert Warns on Wireless Security in Asia. Read more

www.wired.com:
Startup Makes Spammers Pay. Read more

www.smh.com.au:
Researchers developing tool to combat auction fraud. Read more

news.com.com:
Microsoft unveils public robotics software. Read more

www.theregister.co.uk:
McCain wants child porn rules for US message boards. Read more

. 12 December 2006

Guides, Papers, etc
blogs.technet.com:
The Case of the Mysterious Code Signing Failures. Read more

isc.sans.org:
PHP security: the scene might change (NEW). Read more

www.eweek.com:
The New Attack Pattern. Read more

ddanchev.blogspot.com:
Analysis of the Technical Mujahid - Issue One. Read more

www.avertlabs.com:
Fake charity sites: It�s that time of year again. Read more

www.darkreading.com:
Two Sides of Single Sign-On. Read more

www.darkreading.com:
Open-Source NAC. Read more

www.darkreading.com:
Blurring the Line Between SOC & NOC. Read more

www.viruslist.com:
Are all antivirus created equal? Read more

www.f-secure.com:
QuickTime Flaw is Cross Platform. Read more

honeyblog.org:
Capture - High Interaction Client Honeypot. Read more

news.com.com:
Playing it safe with Windows Vista. Read more

technology.guardian.co.u:
My PC's year of living dangerously online. Read more

avanoo.wordpress.com:
Why Google Sucks! Read more

www.playfuls.com:
IBM Promises New Memory Chip Technology. Read more

www.wired.com:
Wi-Fi as a Health Hazard. Read more

 

Vulnerabilities & Exploits
labs.idefense.com:
Multiple Vendor Antivirus RAR File Denial of Service Vulnerability. Read more

labs.idefense.com:
Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability. Read more

www.xdisclose.com:
Orkut Email Address Disclosure Vulnerability. Read more

securitytracker.com:
Ruby MIME Parsing Bug in cgi.rb Lets Remote Users Deny Service. Read more

securitytracker.com:
WAWI Bugs Let Remote Users View Directories and Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Adobe ColdFusion Bugs Enable Cross-Site Scripting Evasion, Path Disclosure, and Internal Address Disclosure. Read more

securitytracker.com:
OFBiz Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ThinkEdit Include File Bug in 'render.php' Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.niksoft.at:
StartDreck (build 2.1.7) enLIGHTs you what windows loads during startup. Download

 

News
www.securityfocus.com:
comScore receives spyware allegations. Read more

www.securityfocus.com:
Free bug scan offered for Java apps. Read more

www.theregister.co.uk:
Trojan targets unpatched Word flaw (again). Read more

www.itnews.com.au:
Experts warn of Media Player vulnerability. Read more

www.vnunet.com:
Four million UK users hit by ID theft. Read more

news.com.com:
Alleged NASA hacker's appeal set for New Year. Read more

passivemode.net:
Market Research Company Secretly Installs Spyware. Read more

www.time.com:
Hackers For Hire. Read more

today.reuters.co.uk:
Internet criminals to step up "cyberwar" in 2007. Read more

www.nytimes.com:
In Web Traffic Tallies, Intruders Can Say You Visited Them. Read more

www.theregister.co.uk:
BEA adopts virtual strategy with VMware. Read more

www.theregister.co.uk:
Online gambling poised to pull $528bn. Read more

. 11 December 2006

Guides, Papers, etc
isc.sans.org:
Another new Word 0-day, information & dat released by McAfee (NEW). Read more

blogs.securiteam.com:
Another, different Microsoft Word 0-day vulnerability reported. Read more

www.f-secure.com:
Yet another Word vulnerability. Read more

www.avertlabs.com:
�I Go Chop Your Dollar�. Read more

www.rsasecurity.com:
RSA Online Fraud Intelligence Report - Nov 2006. Read more

www.eweek.com:
The New Attack Pattern. Read more

ddanchev.blogspot.com:
Analysis of the Technical Mujahid - Issue One. Read more

ddanchev.blogspot.com:
Full List of Hezbollah's Internet Sites. Read more

neosmart.net:
Windows Vista's Hideous Wakeup Support. Read more

www.betanews.com:
Vista Minimum Requirements Unrealistic. Read more

www.itwire.com.au:
Vista: who's afraid to upgrade? Read more

msmvps.com:
Tweaking the RDP client. Read more

podcast.dslextreme.com:
Audio: KFI Tech Guy 308. Listen

www.securityopus.com:
ecurity OPUS - Call for Papers - March 22-23, 2007. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
Mozilla Firefox: Multiple vulnerabilities. Read more

secunia.com:
Microsoft Word Unspecified Code Execution Vulnerability. Read more

securitytracker.com:
Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed. Read more

www.frsirt.com:
Sophos AntiVirus Scan Engine CPIO and SIT Files Handling Code Execution Vulnerabilities. Read more

aluigi.altervista.or:
Multiple vulnerabilities in Winamp Web Interface 7.5.13. Read more

securitytracker.com:
AOL Buffer Overflow in CDDBControl ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BrightStor ARCserve Backup Buffer Overflow in Discovery Service Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.computerworld.com:
Security Researcher Defends Efforts to Find Flaws. Read more

www.vnunet.com:
Word flaw left out of patch Tuesday. Read more

www.wired.com:
E-Gold Gets Tough on Crime. Read more

www.itrportal.com:
A new Worm creeps all over Myspace. Read more

www.vnunet.com:
Experts warn of Media Player vulnerability. Read more

www.techtree.com:
Hackers Fool Vista into Activating! Read more

www.informationweek.com:
Inside Microsoft's Labs. Read more

business.timesonline.co.uk:
As Microsoft looks ahead, will Vista be the end of an era? Read more

www.forbes.com:
How Much Privacy? Read more

www.kassa-kassa.be:
ACE bank, the story. Read more

. 09 December 2006

Guides, Papers, etc
blogs.securiteam.com:
IE5 *was* pre-patched to VML vulnerability. Read more

www.sophos.com:
The threat of image spam explored in latest Sophos podcast. Read more

www.smh.com.au:
Spam is back with a vengeance as filters lose effectiveness. Read more

www.f-secure.com:
Weekend Reading - December 8th. Read more

incredibill.blogspot.co:
Botnet Attempts Photo Cart Vulnerability Attack. Read more

incredibill.blogspot.co:
Day Two of the Photo Cart Attack. Read more

www.technewsworld.com:
Can Your Firm Be Sued for a Data Breach? Read more

ddanchev.blogspot.com:
Censoring Seductive Child Behaviour. Read more

www.darkreading.com:
Credit Union Authenticates 'Bio-Rhythms'. Read more

www.darkreading.com:
Crossing the Crime Chasm. Read more

www2.csoonline.com:
A Review of Security in 2006. Read more

www.informationweek.com:
Spam 2.0 Tactics Will Boomerang, Symantec Predicts. Read more

www.securityfocus.com:
Password Management Concerns with IE and Firefox, part one. Read more

www.podtrac.com:
Audio: Windows Weekly 8: DEP, FUD, and Zune. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Net-SNMP Grants Write Access to Read-Only Objects on Systems Configured With 'rocommunity' and 'rouser' Tokens. Read more

 

Tools:
secunia.com:
Secunia Software Inspector. Read more

capture-hpc.sourceforge.net:
Capture High Interaction Client Honeypot Released. Read more

 

News
www.computerworld.com:
Florida man pleads guilty in DDoS attack. Read more

www.theregister.co.uk:
Malware gangs using 'KGB-tactics' to recruit tech grads. Read more

www.cbc.ca:
Criminals recruiting students as hackers: report. Read more

www.timesdispatch.com:
E-mail includes data on students. Read more

www.boston.com:
Health providers' Social Security numbers posted on state site. Read more

www.forbes.com:
How Much Privacy? Read more

www.informationweek.com:
Pirates Spoof Vista's Enterprise Activation. Read more

www.computerworld.com:
How Microsoft fights off 100,000 attacks per month. Read more

www.securityfocus.com:
HP pretexting scandal comes to partial close. Read more

news.com.com:
Senator: Illegal images must be reported. Read more

arstechnica.com:
YouTube allows users to record directly to site. Read more

kierenmccarthy.co.uk:
The lowdown on the Sex.com case. Read more

. 08 December 2006

Guides, Papers, etc
www.f-secure.com:
An open letter to domain registrars. Read more

isc.sans.org:
Windows Media Player - ASX Playlist Buffer Overflow (NEW). Read more

isc.sans.org:
Microsoft December advance patch notification (NEW). Read more

www.quantenblog.net:
Bypassing Virus Scanners Using MIME Encoding Tricks. Read more

www.bleedingthreats.net:
Malware Prevention through black-hole DNS. Read more

blogs.authentium.com:
Responsible Disclosure of Exploits. Read more

www.viruslist.com:
Latest Word vulnerability and the usual reminder. Read more

blogs.technet.com:
What �very limited, targeted attacks� Means. Read more

www.f-secure.com:
Word hole will remain open. Read more

blogs.securiteam.com:
MIME Encoding Content Normalizer (SMTP gateway attacks counter-measures). Read more

blogs.guardian.co.uk:
Missing Trojan file in Windows. Read more

www.nytimes.com:
Vista Is Ready. Are You? Read more

www.networkperformancedaily.com:
Vista's "Next Generation" TCP/IP Stack and the Enterprise. Read more

blogs.msdn.com:
File URIs in Windows. Read more

www.varbusiness.com:
Are Background Checks Necessary For IT Workers? Read more

www.drivl.com:
Matt craps on a bunch of ridiculous ideas about programming and code that Hollywood can't seem to stay away from. Read more

www.smh.com.au:
The internet bouncers. Software that protects children from online nasties. Read more

 

Vulnerabilities & Exploits
www.intelliadmin.com:
Zero Day Exploit Found in Windows Media Player. Read more

blogs.securiteam.com:
Microsoft Word 0-day Vulnerability FAQ - December 2006, CVE-2006-5994. Read more

support.intel.com:
Intel� LAN Driver Buffer Overflow Local Privilege Escalation. Read more

securitytracker.com:
osCommerce 'admin/templates_boxes_layout.php' Directory Traversal Bug Discloses Files to Remote Users. Read more

securitytracker.com:
2X ThinClientServer Lets Remote Users Gain Administrative Access. Read more

securitytracker.com:
GnuPG OpenPGP Packet Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
mod_auth_kerb Off-by-one Overflow Lets Remote Users Deny Service. Read more

 

Tools:
insecure.org:
Nmap 4.20 released. Read more

 

News
www.nytimes.com:
Spam Doubles, Finding New Ways to Deliver Itself. Read more

www.thedenverchannel.com:
Computer Hacking Results In Armed Police Raid. Read more

www.securityfocus.com:
E-mail, IM registry for sex offenders proposed. Read more

www.esecurityplanet.com:
Don't Open That Word File, Microsoft Warns. Read more

www.theregister.co.uk:
VXers dabble in mobile spyware. Read more

www.computerworld.com:
How Microsoft fights off 100,000 attacks per month. Read more

apcmag.com:
Pirates crack Vista Activation Server. Read more

arstechnica.com:
RIAA defendant targets Kazaa in new lawsuit. Read more

www.forbes.com:
Bitten By The Google Spider. Read more

. 07 December 2006

Guides, Papers, etc
isc.sans.org:
Climb a small mountain... (NEW). Read more

www.f-secure.com:
Guardian comments on ".bank" gTLD. Read more

www.avertlabs.com:
�Every Doctor is not Spyware Doctor�. Read more

www.avertlabs.com:
Want spies with that? Read more

www.fortinet.com:
Vocal phish revealed. Read more

blogs.securiteam.com:
High load reveals passwords. Read more

www.securityfocus.com:
Christmas Shopping: Vista Over XP? Read more

www.insecuremagazine.com:
(IN)SECURE Magazine ISSUE 1.9 (December 2006). Read more

www.mcafee.com:
Killing Botnets A view from the trenches. Read more

sunbeltblog.blogspot.com:
Electronic lottery notifications are always fake. Period. Read more

www.ams.org:
How Google Finds Your Needle in the Web's Haystack. Read more

www.cs.vu.nl:
A Platform for RFID Security and Privacy Administration. Read more

en.hakin9.org:
Snort_inline as a solution. Read more

www.podtrac.com:
Audio: KFI Tech Guy 306. Vista security, a better way to run Windows on a Mac, and cleaning a laptop keyboard... Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Intel LAN Driver Buffer Overflow Lets Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
BSD FireWire Driver fw_ioctl() Integer Signedness Error Lets Local Users Read Kernel Memory. Read more

securitytracker.com:
Citrix Presentation Server Client ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SAP Internet Graphics Server Lets Remote Users Remove Files. Read more

securitytracker.com:
SAP Internet Graphics Server Undocumented Features Let Remote Users Access Files, Perform Actions, and Deny Service. Read more

securitytracker.com:
Adobe Download Manager Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
passivemode.net:
Sxip Releases ID Manager for Firefox. Read more

 

News
www.theregister.co.u:
eEye launches 0-day tracker site. Read more

www.biosmagazine.co.uk:
Call For More Secure Credit Card Transactions. Read more

www.zdnet.com.au:
Tokens no silver bullet for security: banks. Read more

www.darkreading.com:
DNS Attacks on the Rise. Read more

news.com.com:
Spyware fighters go after MP3 search site. Read more

www.vnunet.com:
Malware enters new phase. Read more

www.darkreading.com:
Bull Market for Cybercriminals. Read more

www.networkworld.com:
Microsoft Research fights critics, targets innovation. Read more

www.terra.net.lb:
Microsoft starts online library in challenge to Google Books. Read more

www.nytimes.com:
Once Again, Machine Beats Human Champion at Chess. Read more

. 06 December 2006

Guides, Papers, etc
blogs.securiteam.com:
The newest Word 0-day - Microsoft was aware since 21st November. Read more

www.f-secure.com:
Hole in Word. Read more

www.viruslist.com:
An inventive approach. Read more

www.informationweek.com:
How Vista Lets Microsoft Lock Users In. Read more

 

Vulnerabilities & Exploits
research.eeye.com:
Zero-Day Tracker. Read more

www.frsirt.com:
Microsoft Word Document Handling Memory Corruption and Code Execution Vulnerability. Read more

securitytracker.com:
Xerox Document Centre Input Validation Flaw in 'hostname' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Hanako File Buffer Overflow Lets Remtoe Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Tivoli Storage Manager Request Processing Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec LiveState Lets Local Users Gain System Privileges. Read more

 

Tools:
enterprise.linux.com:
PHREL beats back DNS server attacks. Read more

specialreports.linux.com:
Bastille: rated security with education. Read more

 

News
www.securityfocus.com:
MySpace teams to create sex-offender database. Read more

www.securityfocus.com:
Hack allows anyone to play TiVo files. Read more

www.rsf.org:
Youtube and New York Times sites blocked as Iran steps up censorship of foreign content. Read more

economictimes.indiatimes.com:
Web censorship can be sticky. Read more

www.darkreading.com:
CyberGangs and Thieves: An Unholy Alliance. Read more

www.itweek.co.uk:
IE7 targeted by adware firms. Read more

www.theregister.co.uk:
Malware wars: Are hackers on top? Read more

www.theregister.co.uk:
Bogus anti-spyware firm fined $1m. Read more

www.theregister.co.uk:
Phishing worm hooks MySpace users. Read more

www.iht.com:
'Bad guys are winning' despite fight against spam. Read more

. 05 December 2006

Guides, Papers, etc
isc.sans.org:
Fun With Windows Netstat (NEW). Read more

www.avertlabs.com:
QuickTime �feature� + MySpace vulnerability = �Fun� & Profit! Read more

www.eweek.com:
Is Online Banking Too Dangerous? Read more

www.mattcutts.com:
How Google handles hacked sites. Read more

www.computerworld.com:
Stopping Data From Flying Off to Google. Read more

myappsecurity.blogspot.com:
ID Thieves Turn Sights on Smaller E-Businesses. Read more

news.com.com:
Ten things to consider before taking the Vista plunge. Read more

www.newsfactor.com:
Internet Explorer Back in the Game. Read more

www.informit.com:
Ten Tips for Smarter Google Searches. Read more

www.windowsitpro.com:
Opinion: Microsoft's Revised WGA Version Still Annoying (Just like the popup on this site). Read more

 

Vulnerabilities & Exploits
myappsecurity.blogspot.com:
Ajax Worm - Proof of Concept. Read more

securitytracker.com:
F-Prot Antivirus CHM File Buffer Overflow and ACE Archive Infinite Loop Lets Remote Users Execute Arbitrary Code and Deny Service. Read more

securitytracker.com:
Windows Print Spooler Subsystem GetPrinterData() Function Lets Remote Users Deny Service. Read more

securitytracker.com:
PHP Upload Center Include File Bug in 'activate.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple AirPort Extreme Beacon Frame Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
SquirrelMail Input Validation Flaws in Compose, Draft, and HTML Viewing Functions Permit Cross-Site Scripting Attacks. Read more

 

News
www.techworld.com:
Vista vulnerable to a third of malware. Read more

money.guardian.co.uk:
Banks hiding online fraud, say police. Read more

www.atg.wa.gov:
Attorney General McKenna Announces $1 Million Settlement in Washington�s First Spyware Suit. Read more

www.scmagazine.com:
Some websites reporting common error code contain adware. Read more

. 04 December 2006

Guides, Papers, etc
www.f-secure.com:
New MySpace worm using a Quicktime exploit. Read more

isc.sans.org:
Phishing and Spamming via IM (SPIM). Read more

www.2-spyware.com:
The mysterious jupk.com infection. Read more

blogs.authentium.com:
I am surprised. Read more

sunbeltblog.blogspot.com:
The revolting Revolt-Search.com. Read more

www.dfw.com:
You're never too young for identity theft. Read more

www.smh.com.au:
Warning over use of repeat passwords. Read more

reviews.zdnet.co.uk:
Should businesses upgrade to Vista? Read more

www.apcstart.com:
Inside Vista's new image-based install. Read more

tech.blorge.com:
Definitive guide: Windows Vista and XP head to head. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Novell ZENworks Asset Management Integer Overflows Let Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Jittery yanks warn of Jihadist internet threat. Read more

www.nytimes.com:
Who Did What in China�s Past? Look It Up, or Maybe Not. Read more

www.guardian.co.u:
Censorship fears rise as Iran blocks access to top websites. Read more

www.computerworld.com:
Tension between security vendors, bug hunters continues to simmer. Read more

www.nytimes.com:
Health Hazard: Computers Spilling Your History. Read more

www.theregister.co.uk:
PDFs open critical hole in Internet Explorer. Read more

business.scotsman.com:
Curse of the keystroke loggers who cost businesses �1bn a year. Read more

www.itbvirus.com:
MCAfee Avert Labs Unveils Predictions For Top Ten Security Threats In 2007 As Hacking Comes Of Age. Read more

news.zdnet.com:
Another suspected NASA hacker indicted. Read more

securitywatch.eweek.com:
EveryDNS Under Botnet DDoS Attack. Read more

www.vnunet.com:
Attackers target Russian hosting firm. Read more

news.zdnet.co.uk:
UN agency warns of serious online risks. Read more

www.apcstart.com:
Windows Vista crack is actually a trojan. Read more

www.usatoday.com:
Judges fear dangers of online 'rat' database. Read more

www.itwire.com.au:
The race is on to build Vista security products. Read more

www.itwire.com.au:
Vista more secure than XP? Read more

www.computerworld.com:
IT: Virtual PCs Show Promise but Remain Unproven. Read more

computerworld.co.nz:
Researchers seek to save VoIP from security threats. Read more

www.itnews.com.au:
Cyber threat to Wall Street not high, according to experts. Read more

www.theregister.co.uk:
Your data is protected: but is it protected enough? Read more

austringer.net:
Me Against Google. Read more

www.kansascity.com:
Software used to predict who might kill. Read more

. 02 December 2006

Trojans of November

Guides, Papers, etc
isc.sans.org:
404dnserror Adware. Read more

blogs.securiteam.com:
perl segfault? Read more

www.viruslist.com:
Infected Valuehost servers. Read more

securitywatch.eweek.com:
Anti-Virus Is Dead, D-E-A-D, Dead! Read more

biztechmagazine.com:
Protect Your Assets from Search Engines. Read more

www.biztechmagazine.com:
Never Heard of XSS? Read more

www.biztechmagazine.com:
You've Got Phish. Read more

www.whitehatsec.com:
Myth-Busting AJAX (In)security. Read more

www.pldsecurity.de:
System Backdoors Explained. Read more

www.infogreg.com:
Advanced Survival Techniques in Malware. Read more

www.technewsworld.com:
Should the Government Have Access to Personal E-Mails? Read more

www.itmanagersjournal.com:
Nine ways to combat spam. Read more

www.infoworld.com:
Virtual concerns. Read more

blogs.msdn.com:
Chinese and Hebrew IE7 Released. Read more

money.cnn.com:
How Vista will take over your living room. Read more

www.newsfactor.com:
Is Windows Vista Immune to Malware? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
KDE kdegraphics JPEG kfile-info Plug-in EXIF Parsing Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun Java System Web Proxy Server Lets Remote Users Conduct HTTP Request Smuggling Attacks. Read more

securitytracker.com:
Sun Java System Web Server Lets Remote Users Conduct HTTP Request Smuggling Attacks. Read more

securitytracker.com:
Sun Java Application Server Lets Remote Users Conduct HTTP Request Smuggling Attacks. Read more

securitytracker.com:
Solaris SIGKILL/PCAGENT Race Condition Lets Local Users Deny Service. Read more

securitytracker.com:
GNOME Structured File Library ole_init_info() Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MailEnable IMAP Bugs Let Remote Authenticated Users Deny Service and Potentially Execute Arbitrary Code. Read more

 

Tools:
www.thesimpledollar.com:
30 Essential Pieces Of Free (and Open) Software for Windows. Read more

 

News
www.securityfocus.com:
Jihadists threatens attacks for Christmas. Read more

www.computerworld.com:
Security analysts downplay cyberterror threat. Read more

www.infoworld.com:
Jihadists publish cyber security magazine. Read more

news.com.com:
Wikipedia lays bare two versions of China's past. Read more

www.darkreading.com:
Hacker Cuts Swath Through US Government Computers. Read more

www.itnews.com.au:
ActiveX flaw leaves Adobe apps vulnerable. Read more

www.itnews.com.au:
McAfee: Top 2007 threats will be money-makers. Read more

www.darkreading.com:
Spying on Spyware. Read more

www.securityfocus.com:
Apple DMG flaw not so serious? Read more

www.cbronline.com:
Stolen laptops illustrate need to secure remote data. Read more

. 01 December 2006

Guides, Papers, etc
www.cs.washington.edu:
Devices That Tell On You: The Nike+iPod Sport Kit. Read more

www.eweek.com:
Sweatshops: The Ultimate Botnet? Read more

www.f-secure.com:
It's been a while. Bagle. Read more

isc.sans.org:
US DHS banking alert (NEW). Read more

www.avertlabs.com:
On defensive technologies turning offensive and vice-versa..Read more

www.mcafee.com:
Audio: McAfee Avert Labs Unveils Predictions For Top 10 security threats. Download podcast now.

i.cmpnet.com:
Audio: Interview With Oracle's Ted Farrell. Listen

www.podtrac.com:
Audio: Security Now 68: Q&A 12. Listen

www2.csoonline.com:
Security In Microsoft Vista? It Could Happen. Read more

www.microsoft.com:
Windows Vista Step-by-Step Guides for IT Professionals. Read more

www.esecurityplanet.com:
'Tis the Season (To Get Scammed). Read more

securitywatch.eweek.com:
Cracking the BlackBerry with a $100 Key. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
KOffice Integer Overflow in KPresenter May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Google Search Appliance UTF-7 Processing Bug Permits Cross-Site Scripting Attacks. Read more

 

Tools:
www.honeynet.org:
The Honeynet Project and Honeynet Research Alliance are happy to announce the release of Honeysnap 1.0. Read more

sourceforge.net:
Gamja : Web vulnerability scanner. Read more

reedarvin.thearvins.com:
PWDumpX allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. Download

 

News
news.zdnet.co.uk:
US issues al-Qaeda cyberattack warning. Read more

today.reuters.com:
Financial firms warned of Qaeda cyber attack. Read more

www.zdnet.com.au:
Vista vulnerable to malware from 2004. Read more

www.latimes.com:
Computer expert accused of hacking government sites. Read more

www.theregister.co.uk:
UK2 victim of IP hijacking. Read more

news.com.com:
Most security tools not quite ready for Vista. Read more

www.darkreading.com:
Month of Kernel Bugs Ends in Controversy. Read more

www.darkreading.com:
New Threats Loom for 2007. Read more

www.vnunet.com:
Phishers don't like Mondays. Read more

www.cbronline.com:
Amegy increases online banking security measures. Read more

www.biosmagazine.co.uk:
Hackers Can Eavesdrop 70% Of Web Calls. Read more

www.breitbart.com:
Data on U.S. military's Iraqi operations leaked onto Internet+. Read more

www.terra.net.lb:
Gates charity funds free Internet access in Eastern Europe, Botswana. Read more

redtape.msnbc.com:
ATM system called unsafe. Read more


Copyright� MegaSecurity.org