Home    News Archive    Translate Traducen

News February 2005

28 February 2005 Guides, Papers, etc weblogs.asp.net: More miscreant hiding techniques and some interesting observations on the Hacker Defender rootkit . . . Read more www.eeye.com: Remote Windows Kernel Exploitation Step into the Ring 0. Read more seclab.cs.sunysb.edu: An Approach for Detecting Self-Propagating Email Using Anomaly Detection. Read more Fake FBI email Worm Exposed. Read more   Vulnerabilities & Exploits www.securitytracker.com: CIS WebServer Discloses Files Outside of the Document Directory to Remote Users. Read more www.securitytracker.com: cmd5checkpw May Let Local Users Access Files With Elevated Privileges. Read more www.securitytracker.com: STSF Font Server Daemon Lets Local Users Modify Arbitrary Files. Read more www.securitytracker.com: BadBlue Buffer Overflow in 'mfcisapicommand' Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: KNet HTTP GET Request Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.k-otik.com: AWStats 6.x "pluginmode" Multiple Remote Command Execution Exploit. Read more www.k-otik.com: Avaya IP Office Phone Manager Local Passwords Disclosure Exploit. Read more www.k-otik.com: WebConnect Directory Traversal and Denial of Service Exploit. Read more www.k-otik.com: Chat Anywhere Local Passwords Disclosure Proof of Concept Exploit. Read more www.k-otik.com: eXeem Local Passwords Disclosure Proof of Concept Exploit. Read more   News money.cnn.com: BofA: 1.2 million accounts jeopardized. Read more www.informationweek.com: Business Technology: Security, Microsoft, And High-Stakes Poker. Read more sanjose.bizjournals.com: Firefox browser ignites a fire under complacent Microsoft. Read more www.informationweek.com: What's Next For Explorer 7.0? Read more

27 February 2005 Guides, Papers, etc www.cs.pitt.edu: WORM vs. WORM: Preliminary Study of an Active Counter�Attack Mechanism. Read more www.finjan.com: Spyware and Adware � Threats and Countermeasures. Read more www.finjan.com: Phishing - Threats and Countermeasures. Read more www.pcworld.com: Caught a Virus? If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst. Read more www.astalavista.com: HACKING WITH JAVASCRIPT. Read more   Vulnerabilities & Exploits www.mozilla.org: Known Vulnerabilities in Mozilla. Read more www.mikx.de: Firescrolling. Read more www.securitytracker.com: Gaim Has Another HTML Processing Error That Lets Remote Users Crash the Client. Read more www.securitytracker.com: WU-FTPD wu_fnmatch() Globbing Error Lets Remote Users Deny Service. Read more www.securitytracker.com: CubeCart Input Validation Holes Permit Cross-Site Scripting Attacks and Disclose the Installation Path to Remote Users. Read more www.securitytracker.com: Mozilla Firefox Predictable Plugin Temporary Directory Lets Local Users Delete Files. Read more www.milw0rm.com: Exeem v0.2X Local Proxy Pass Exploit. Read more packetstormsecurity.org: Google Search and Gmail Correlation - Full Disclosure. Read more   News www.cio-today.com: Firefox: New Target for Hackers? Read more www.computerworld.com: Mozilla warns of security holes, updates Firefox. Read more www.rednova.com: Microsoft Acquisition Adds to Anti-Virus, Anti-Spam Arsenal. Read more www.theregister.co.uk: McAfee looks ahead after mediocre Q4. Read more www.itp.net: Gates shot down over security. Read more www.vnunet.com: Hook, line and stinkers ID theft, phishing scams and the public are causing big problems for firms. Read more news.zdnet.co.uk: ISS reveals cross-platform antivirus flaw. Read more

26 February 2005 Guides, Papers, etc www1.cs.columbia.edu: The 3rd Workshop on Rapid Malcode (WORM). Call for papers. Read more   Vulnerabilities & Exploits www.securitytracker.com: Mozilla Firefox XPCOM Access Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Gaim Can Be Crashed By Sending a Filename Containing a Parenthesis Character to a Remote User. Read more www.securitytracker.com: phpWebSite Announce Module Image Files Let Remote Users Execute Arbitrary PHP Code. Read more www.securitytracker.com: Batik Squiggle Scripting Error Lets Remote Users Access Resources. Read more www.securitytracker.com: PunBB Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: mkbold-mkitalic Format String Flaw May Let Remote Users Cause Arbitrary Code to be Executed. Read more www.securiteam.com: Multiple Vulnerabilities in WebConnect Exploit. Read more www.debian.org: DSA-690-1 bsmtpd -- missing input sanitising. Read more   News news.com.com: Payroll hole exposes dozens of companies. Read more www.theregister.co.uk: XP deloaded? MS tightens screws on loose product keys. Read more www.wired.com: Watchdogs Sniff Out Terror Sites. Read more news.zdnet.co.uk: ISS reveals cross-platform antivirus flaw. Read more www.theregister.co.uk: Firefox dusted down with security upgrade. Read more news.xinhuanet.com: Largest hacker group in China dissolves. Read more news.com.com: Microsoft IM release expected soon. Read more news.zdnet.co.uk: Microsoft patches firewall problems. Read more news.com.com: Cousins of pop-ups evade blockers. Read more www.theregister.co.uk: Small-minded Mozilla mocked by wider world. Read more news.zdnet.com: Payroll hole exposes dozens of companies. Read more news.com.com: Limp Bizkit porn leak could lead to Hilton hacker. Read more

25 February 2005 Guides, Papers, etc www.computerworld.com: The road to identity management: How to know who's who and what's what. Read more www.astalavista.com: Astalavista Group Security Newsletter Issue 13. Read more   Vulnerabilities & Exploits www.k-otik.com: Cisco ACNS Default Password and Denial of Service Vulnerabilities. read more xforce.iss.net: Trend Micro AntiVirus Library Heap Overflow. Read more www.cirt.net: AlterPath Manager (APM) reveals sensitive system information without authentication. Read more www.securitytracker.com: Soldier of Fortune II cl_guid Input Validation Error Lets Remote Users Deny Service. Read more www.securitytracker.com: TrendMicro PC-cillin Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: TrendMicro OfficeScan Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: TrendMicro ScanMail Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: TrendMicro InterScan VirusWall Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: HP-UX Unspecified ftpd Flaw Grants Unauthorized File Access to Remote Authenticated Users. Read more www.securitytracker.com: Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives. Read more www.securitytracker.com: Information Resource Manager LDAP Error Grants Access to Remote Users. Read more www.securitytracker.com: AlterPath Manager Discloses System Information and Lets Remote Authenticated Users View Consoles or Gain Administrative Privileges. Read more www.securitytracker.com: ProZilla Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PBLang Input Validation Holes in 'search.php', 'pmshow.php' and 'pm.php' Permit Cross-Site Scripting Attacks. Read more   News www.theregister.co.uk: Windows licensing - don't swallow it, says MS. Read more www.theregister.co.uk: Japan.gov weathers DDoS attack. Read more joongangdaily.joins.com: AhnLab president warns of big virus risk. Read more www.wired.com: Paris Hilton: Hacked or Not? Read more www.theregister.co.uk: Fighting computer crooks the Las Vegas way. Read more www.pcworld.com: Silence Fuels Speculation on Microsoft Security Plan. Read more www.theinquirer.net: Jealous lover hacked email. Read more

24 February 2005 Guides, Papers, etc Changing the Notification Process Developers have the opportunity to offer better vendor security procedures and notifications in an open-source world. Read more   Vulnerabilities & Exploits www.k-otik.com: IBM Hardware Management Console Guided Setup Wizard Vulnerability. Read more www.securitytracker.com: Linux Kernel Buffer Overflows in Moxa Char Driver Yield Root Privileges to Local Users. Read more www.securitytracker.com: Chat Anywhere Discloses Passwords to Local Users. Read more www.securitytracker.com: SendLink Discloses Passwords to Local Users. Read more www.securitytracker.com: iG Shop Input Validation Bugs Let Remote Users Execute SQL Commands. Read more www.securitytracker.com: eXeem Discloses Passwords to Local Users. Read more www.securitytracker.com: UnAce Buffer Overflows and Input Validation Holes May Let Remote Users Execute Arbitrary Code or Overwrite Files. Read more www.securitytracker.com: PeerFTP_5 Discloses FTP Passwords to Local Users. Read more www.securitytracker.com: phpBB Avatar Functions Let Remote Users View and Delete Files on the Target System. Read more   News www.zdnet.com.au: Viruses, Trojans and spam: the new joint venture. Read more www.informationweek.com: Microsoft Patches "Blue Screen Of Death" In Windows XP SP2. Read more www.gizmodo.com: T-Mobile Voice Mail Compromised; How to Protect Yourself. Read more www.zdnet.com.au: Spyware infiltrates blogs. Read more www.securityfocus.com: Japanese government computers hit by cyber attacks. Read more slate.msn.com: Can Your Phone Get a Virus? Read more www.theregister.co.uk: Fighting computer crooks the Las Vegas way. Read more www.viruslist.com: Successful social engineering helps worm spread. Read more www.vnunet.com: Compliance 'alphabet soup' will broaden role of security experts. Read more www.zdnet.com.au: Hackers on Medicare smart card waiting list. Read more www.theinquirer.net: Paris Hilton worm spreads fast. Read more www.informationweek.com: FBI: E-mails Bearing Worm Not From Us. Read more castlecops.com: Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload. Read more www.informationweek.com: Predicted Wave Of Worms Hits, Then Dissipates. Read more www.theregister.co.uk: MS and security: good effort but no cigar. Read more www.informationweek.com: Spam Costs Businesses Worldwide $50 Billion. Read more

23 February 2005 Guides, Papers, etc www.benedelman.org: How Google's Blogspot Helps Spread Unwanted Software. Read more www.securityfocus.com The High-Hanging Fruit. Now that Microsoft has pruned Windows of its most serious remote-access holes, its time Redmond fixes the local vulnerabilities too. Read more www.freep.com: HEATHER NEWMAN: How to outwit would-be hackers. Read more www.sans.org: Virii Generators: Understanding the Threat. Read more www.cs.plu.edu: Effect of Malicious Traffic on the Network. Read more   Tools RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootki   Vulnerabilities & Exploits www.securitytracker.com: vBulletin 'misc.php' Lets Remote Users Injection PHP Code via the 'template' Parameter. Read more www.securitytracker.com: MediaWiki Input Validation Holes Permit Cross-Site Scripting Attacks and Directory Traversal Flaw Lets Remote Authenticated Administrators Delete Files. Read more www.securitytracker.com: fallback-reboot Lets Remote Users Deny Service. Read more www.securitytracker.com: GigaFast EE400-R Router Discloses Administrative Password to Remote Users and Can Be Crashed By Remote Users. Read more www.securitytracker.com: Arkeia Network Backup Type 77 Request Buffer Overflow Yields Root/LocalSystem Access to Remote Users. Read more www.securiteam.com: Knox Arkeia Server Backup Stack Overflow. Read more www.k-otik.com: Mac OS X "Java Plug-in" Security Update (2005-002). Read more www.k-otik.com: phpBB2 Arbitrary File Unlink and Disclosure Vulnerabilities. Read more www.k-otik.com: cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows. Read more   News www.theregister.co.uk: Wormability formulae weighs malware risks. Read more www.theregister.co.uk: NY teen charged over IM spam attack. Read more www.theregister.co.uk: Microsoft compensates blocked Dutch web firm. Read more news.zdnet.co.uk: Virus writer says 'I love you' again. Read more www.chron.com: Virus uses FBI address. Read more news.zdnet.co.uk: Paris Hilton used as virus bait. Read more news.zdnet.co.uk: New worms turn up. Read more www.theregister.co.uk: OFT in net spam scam crackdown. Read more

22 February 2005 Guides, Papers, etc Early Bird: Catching worms while sysadmins sleep (pdf). Read more   Vulnerabilities & Exploits www.k-otik.com/: Invision Power Board SML Codes Cross Site Scripting Vulnerability. Read more www.securitytracker.com: Mambo Include File Error in 'Tar.php' Lets Remote Users Execute Arbitrary Commands on the Target System. Read more www.securitytracker.com: Uim Environment Variables May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Xinkaa WEB Station Discloses Files Outside of the Document Directory to Remote Users. Read more www.securitytracker.com: Bontago Buffer Overflow in Processing Nickname May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PuTTY SFTP/SCP Integer Overflow in Processing FXP_OPEN and FXP_READDIR Responses Lets Remote Users Execute Arbitrary Code. Read more www.securiteam.com: Linux Vulnerability Allows Non-Privileged Users to Read Kernel Memory. Read more www.securiteam.com: 3com 3CDaemon FTP Unauthorized "USER" Buffer Overflow (Windows/POSIX). Read more   News habaneronetworks.com: Windows Firewall Has A Backdoor. Read more www.pcauthority.com.au: Virus writers launch Paris Hilton worm. Read more today.reuters.com: Hacking Attacks Rarely Made Public, Experts Say. Read more www.billingsgazette.com: Smarter phones are susceptible to virus trouble. Read more www.net4nowt.com: New wave of viruses predicted. Read more www.computerworld.com: New Sober worm moving fast, security company warns. Read more www.computerweekly.com: Microsoft plans better security for Explorer. Read more www.vnunet.com: Online dangers increase. Read more www.it-observer.com: Paris Hilton's phonebook hacked, posted online. Read more www.vnunet.com: Cabir mobile phone virus hits the US. Read more www.expressnewsline.com: Cell Phone Virus Cabir Grips United States. Read more

21 February 2005 Tools freshmeat.net: Secure Back Door (SBD) is a tool that provides ultra-secure and minimal access to a computer, which allows you to run a single command based on a one time key. It is good if you don't want to have an SSH server running all the time, and only want to start it when needed. Read more   Vulnerabilities & Exploits www.securitytracker.com: pMachine Include File Error in 'mail_autocheck.php' Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: Zeroboard Input Validation Holes in 'zboard.php' and 'view_image.php' Permit Cross-Site Scripting Attacks. Read more   News www.vnunet.com: Call for unity in fight against cyber-crime. Read more www.securityfocus.com: Decision to sell antivirus products places Microsoft in quandary. Read more www.insanely-great.com: Microsoft: Ultimate Winner in the Virus Wars? Read more www.globetechnology.com: Microsoft's IT security plans spark controversy. Read more nwc.securitypipeline.com: Many Wireless Security Breaches Reported At Security Conference. Read more www.bizjournals.com: VoIP hackers can put spam in your ear. Read more www.eweek.com: Google's Tool Bar Links Stir Debate. Read more

20 February 2005 Guides, Papers, etc searchsecurity.techtarget.com: RSA 2005: A chat with Sybari's Joe Licari. Read more www.computerworld.com: Application security testing in black and white. Read more www.cs.washington.edu: Measurement and Analysis of Spyware in a University Environment. Read more   Tools www.hat-squad.com: Findjmp2 is a modified version of Findjmp from Eeye.com to find jmp,call,push in a loaded DLL. This version includes search for pop/pop/ret set of instructions that is usefull to bypass WinXP SP2 and Win2003 stack protection mechanism.   Vulnerabilities & Exploits www.securitytracker.com: glftpd Plugins Disclose Files to Remote Authenticated Users. Read more www.securitytracker.com: Tarantella Enterprise Discloses to Remote Users Whether Usernames are Valid. Read more www.securitytracker.com: Bidwatcher Format String Error in 'netstuff' May Let Remote Users Execute Arbitrary Code in Certain Cases. Read more www.securitytracker.com: TrackerCam Discloses Files to Remote Users and Can Be Crashed By Remote Users. Read more   News: www.theregister.co.uk: BT abandons scheme to block rogue diallers. Read more www.keralanext.com: US: Mobile phone virus found in United States. Read more

19 February 2005 Guides, Papers, etc www.securityfocus.com: Complexity Kills Innovation. Read more tennis.ecs.umass.edu: Internet Worm Propagation Simulator. Read more www.apachesecurity.net: Apache Security, Installation and configuration. Read more   Tools www.sys-security.com: Xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. Read more   Vulnerabilities & Exploits www.securitytracker.com: Yahoo! Messenger Lets Remote Users Spoof Filenames During File Transfer. Read more secunia.com: Yahoo! Messenger Audio Setup Wizard Privilege Escalation. Read more www.securitytracker.com: Gaim HTML Processing Error Lets Remote Users Crash the Client. Read more www.securitytracker.com: Gaim SNAC Packet Parsing Error Lets Remote Users Deny Service. Read more www.securitytracker.com: paFAQ Input Validation Holes Permit SQL Injection Attacks. Read more secunia.com: Fedora update for kdeedu. Read more secunia.com: BibORB Multiple Vulnerabilities. Read more secunia.com: Microsoft ASP.NET Unicode Conversion Cross-Site Scripting. Read more www.debian.org: DSA-687-1 bidwatcher -- format string. Read more   News: www.vnunet.com: Experts beat script kiddies at their own game. Read more www.vnunet.com: Gartner slams Microsoft's security strategy. Read more www.pcadvisor.co.uk: Microsoft warns of new security threat. Read more news.zdnet.co.uk: Microsoft's security strategy pilloried. Read more msnbc.msn.com: Mobile Phone Virus Found in United States. Read more www.theregister.co.uk: DEC 'tsunami hack' man pleads not guilty. Read more www.vnunet.com: Internet Explorer 7 promised for the summer. Read more www.vnunet.com: Patch bundles under fire. Read more news.zdnet.co.uk: Lexus denies in-car virus claims. Read more

18 February 2005 Guides, Papers, etc www.microsoft.com: A parent's primer to computer slang. Read more www.rootkit.com: Create New Autorun By Patching Explorer.exe. read more   Tools www.informit.com: Elcomsoft's PWSEX vs. AtStake's L0phtcrack (Revised). Read more   Vulnerabilities & Exploits archives.neohapsis.com: IE/OE Restricted Zone Status Bar Spoofing. Read more www.securitytracker.com: BibORB Various Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more www.securitytracker.com: wpa_supplicant Key Data Length Missing Validation Lets Remote Users Crash the Service. Read more www.securitytracker.com: NewsBruiser Lets Remote Users Bypass Comment Feature Access Controls. Read more www.securitytracker.com: paNews 'comment.php' Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: MercuryBoard 'forum.php' Input Validation Error in 'f' Parameter Permits Cross-Site Scripting Attacks. Read more www.securiteam.com: 3Com FTP Server Buffer Overflow (CD). Read more www.debian.org: DSA-686-1 gftp -- missing input sanitising. Read more www.debian.org: DSA-685-1 emacs21 -- format string. Read more   News: habaneronetworks.com: Major Phishing Hole Found In IE and Outlook Express. Read more www.cbronline.com: Microsoft to face regulator over bundled accounting software. Read more www.securityfocus.com: Feds square off with organized cyber crime. Read more www.vnunet.com: Latest Mydoom mutant on the loose. Read more www.theregister.co.uk: Security experts warn of 'scary' new web scam. Read more www.vnunet.com: Linux fan concedes Microsoft is more secure. Read more www.reuters.com: Microsoft Walking Fine Line with Security Push. Read more www.reuters.com: Microsoft to Recall Xbox Cords Due to Electrical Issue. Read more www.theregister.co.uk: Apple suspends online hack subpoenas Read more

17 February 2005 Guides, Papers, etc research.microsoft.com: Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management. Read more rootkit.host.sk: How to become unseen on Windows NT. Read more ftp.research.microsoft.com: AskStrider: What Has Changed on My Machine Lately? Read more research.microsoft.com: Strider GhostBuster: Why It�s A Bad Idea For Stealth Software To Hide Files. Read more www.schneier.com: Schneier on Security: GhostBuster. Read more www.securityfocus.com: Windows NTFS Alternate Data Streams. Read more www1.umn.edu: Windows Rootkits. Read more   Vulnerabilities & Exploits www.k-otik.com: Advanced Linux Sound Architecture Stack-Execution protection Bypass. Read more www.k-otik.com: osCommerce "Contact_us" Cross Site Scripting Vulnerability. Read more www.securitytracker.com: Typespeed Format String Flaw in HOME Variable Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: KDE Buffer Overflow in 'fliccd' Yields Root Privileges to Local Users and May Let Remote Users Access the System. Read more www.securitytracker.com: DCP-Portal Input Validation Flaws in 'index.php' and 'forums.php' Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: phpMyAdmin '\libraries\select_lang.lib.php' Discloses Installation Path to Remote Users. Read more www.securitytracker.com: Synaesthesia Lets Local Users View Arbitrary Files. Read more www.debian.org: DSA-684-1 typespeed -- format string. Read more   News: www.microsoft.com: Remarks by Bill Gates, Chairman and Chief Software Architect, Microsoft Corporation RSA Conference 2005: "Security: Raising the Bar". Read more www.vnunet.com: Microsoft's enterprise security under fire. Read more www.microscope.co.uk: Microsoft promises heavy investment to tackle security threats. Read more www.infoworld.com: Researchers find security flaw in SHA-1. Read more www.vnunet.com: Online fraud hits record levels. Read more www.vnunet.com: IT security industry faces a tough 2005. Read more www.vnunet.com: 'Deadcode' virus attempts political mischief. Read more www.webroot.com: SYSTEM MONITOR AND TROJAN HORSE INFECTION RATES RISE IN THE ENTERPRISE. Read more www.theregister.co.uk: T-Mobile hacker pleads guilty. Read more www.theregister.co.uk: Scammers say 'No' to drugs, 'Yes' to fraud. Read more

16 February 2005 Guides, Papers, etc www.corante.com: Eight years of email stats, pass 1. Read more www.javelinstrategy.com: 2005 Identity Fraud Survey Report. Read more xss-proxy.sourceforge.net: Advanced Cross-Site-Scripting with Real-time Remote Attacker Control. Read more www.cs.ucsd.edu: Internet Quarantine: Requirements for Containing Self-Propagating Code. Read more   Vulnerabilities & Exploits www.guninski.com: linux kernel 2.6 fun. windoze is a joke. Read more www.k-otik.com: AWStats Command Execution and Information Disclosure Vulnerabilities. Read more www.securitytracker.com: Sami HTTP Server Input Validation Holes Disclose Files to Remote Users and Let Remote Users Crash the Service. Read more www.securitytracker.com: Linux Kernel '/proc' Signed Integer Errors Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: ALSA 'libasound.so' Lets Local Users Disable Stack Protection. Read more www.securitytracker.com: HP HTTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Armagetron Game Service Can Be Crashed By Remote Users. Read more   News: seattletimes.nwsource.com: Microsoft readies its security arsenal. Read more informationweek.securitypipeline.com: Gates: New Internet Explorer, With Improved Security, Coming This Summer. Read more www.theregister.co.uk: Gates: security concerns propel IE7 launch. Read more news.zdnet.com: Windows anti-spyware to come free of charge. Read more www.newsfactor.com: Anti-Virus Firms to Microsoft: Bring It On. Read more news.zdnet.com: Symantec: Who's afraid of Microsoft? Read more www.theregister.co.uk: Passwords? We don't need no stinking passwords. Read more www.lawfuel.com: hacker who victimized T-Mobile pleads guilty. Read more news.xinhuanet.com: New technology helps curb online DVD piracy. Read more www.earthtimes.org: Phishing incidents growing 25% a month: Report. Read more

15 February 2005 Guides, Papers, etc www.amazon.com: The Art of Computer Virus Research and Defense. Read more ghh.sourceforge.net: Google Hack Honeypot Manual. Read more   Tools ghh.sourceforge.net: "Google Hack" honeypot project. Read more   Vulnerabilities & Exploits www.gentoo.org: Opera: Multiple vulnerabilities. Read more www.securiteam.com: AppleFileServer (AFS) FPLoginExt DoS. Read more www.securiteam.com: BrightStor ARCserve Backup Buffer Overflow. Read more www.securiteam.com: PHP-Nuke POST Method Admin Variable Privilege Escalation. Read more www.securitytracker.com: Open WebMail Input Validation Flaw in 'logindomain' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.debian.org: DSA-682-1 awstats -- missing input sanitising. Read more www.waraxe.us: [waraxe-2005-SA#040] - Full path disclosure and XSS in PhpNuke 6.x-7.6. Read more   News: www.securityfocus.com: Spyware, adware threat to be hot topic at security conference. Read more www.theregister.co.uk: China shuts 12,500 'illegal' cybercafes. Read more www.virusthreatcenter.com: Microsoft gleans top 10 basic security errors from thousands of help desk calls. Read more seattletimes.nwsource.com: Juvenile sentenced in Microsoft attack. Read more www.computerweekly.com: Rising need for security patches provides Microsoft with a way to stamp out piracy. Read more news.zdnet.co.uk: Fur protesters launch Web attacks. Read more www.securityfocus.com: More Advisories, More Security. Read more news.zdnet.co.uk: War of the Worlds Web site hacked. Read more www.bizjournals.com: WebTV hacker may get 'prison channel'. Read more

14 February 2005 Guides, Papers, etc www.cyberguard.com: A Brief Look at the Evolution of Killer Worms. Read more   Vulnerabilities & Exploits tsyklon.informatik.rwth-aachen.de: Credit Card data disclosure in CitrusDB. Read more www.gentoo.org: PowerDNS: Denial of Service vulnerability. Read more www.securiteam.com: Exim auth_spa_server() Buffer Overflow Exploit. Read more www.securiteam.com: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit. Read more www.securiteam.com: ELOG Remote Shell Exploit. Read more tsyklon.informatik.rwth-aachen.de: Authentication bypass in CitrusDB. Read more   News: www.informationweek.com: You Call This Trustworthy Computing? Read more www.securityfocus.com: U.S. info-sharing initiative called a flop. Read more informationweek.com: RSA Show Demos Tackle Wide Range of Issues. Read more www.eweek.com: XP SP2 Flaw Warning Sparks Debate on Disclosure. Read more www.eweek.com: Microsoft Plots Fixes to IE Browser. Read more today.reuters.co.uk: "Google hacking" digs up sensitive material. Read more www.cooltechzone.com: Microsoft and Pfizer team up to fight Spam. Read more www.itp.net: BorderWare tackles VoIP security. Read more www.newstarget.com: New international anti-spam council pledges to fight spam around the world. Read more www.integratedmar.com: HP Virus Throttle 'throttles down' detecting virus activity. Read more

13 February 2005 Guides, Papers, etc www.computerworld.com: The curse of the secret question. Read more support.microsoft.com: MSN: How to disable MSN Messenger and MSN Web Messenger in a corporate environment. Read more weblogs.asp.net: Why you shouldn't be using passwords of any kind on your Windows networks . . . Read more 2005.rsaconference.com: RSA Conference 2005. Read more www.astalavista.com: Phishing On The Lower Level. ARP Injecting / Phishing. Read more   Tools www.microsoft.com: Microsoft Creates Free Utility for Detecting Network Sniffers. Read more www.hashcash.org: Hashcash is a denial-of-service counter measure tool. Its main current use is to help hashcash users avoid losing email due to content based and blacklist based anti-spam systems.   Vulnerabilities & Exploits www.securitytracker.com: OpenPGP CFB Mode Is Subject to Adaptive Chosen-Plaintext Attacks. Read more www.securitytracker.com: ZoneAlarm IPC Null Pointer Dereference Lets Local Users Crash the System. Read more www.milw0rm.com: EXIM <= 4.43 auth_spa_server() Remote PoC Exploit. Read more www.milw0rm.com: Mercuryboard <= 1.1.1 Working Sql Injection. Read more www.milw0rm.com: BrightStor ARCserve Backup buffer overflow PoC. Read more www.milw0rm.com: Quake 3 Engine Infostring Crash and Shutdown Exploit. Read more   News: www.pcpro.co.uk: Children recruited to commit cyber crime claims report. Read more www.sun-sentinel.com: Online banking victim files suit; $90,000 lifted from account traced to Latvia. Read more www.menafn.com: Youth who released Web worm sentenced. Read more www.vnunet.com: Virus warning hits Windows Media Player. Read more www.vnunet.com: Scammers hijack company identities. Read more www.computerworld.com: IT execs seek weapons to fight spyware. Read more www.pcpro.co.uk: Virus writers pledge a poisoned love for Valentine's day. Read more www.theregister.co.uk: Opera to MS: Get real about interoperability, Mr Gates. Read more www.securitypipeline.com: Microsoft Tries To Head Off MSN Messenger Attack. Read more www.techweb.com: Hackers Quickly Target Newly Disclosed Microsoft Flaw. Read more news.com.com: Court: Hollywood gets P2P giant's server logs. Read more news.com.com: Microsoft: Watch out for rogue code. Read more www.pcpro.co.uk: Media Player exploit found on the Internet. Read more www.halifaxlive.com: Heavyweights Take On Viagra Spammers. Read more

12 February 2005 Guides, Papers, etc www.howtocreate.co.uk: Browser speed comparisons. Read more www.virusbtn.com: VirusScanners compared. Read more www.geocities.com/amz: Return on Information Security Investment. Read more   Vulnerabilities & Exploits www.k-otik.com: OpenPGP Cipher Feedback Mode (CFB) Chosen-Ciphertext Attacks. Read more www.idefense.com: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability. Read more www.securitytracker.com: Sympa Buffer Overflow in 'queue.c' Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: xpcd Buffer Overflow in Processing Filenames Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more www.securitytracker.com: Apache mod_python Publisher Handler Discloses Information to Remote Users. Read more www.securitytracker.com: hztty Lets Local Users Execute Arbitrary Commands With Elevated Privileges. Read more www.securitytracker.com: HP-UX BIND Has Unspecified Remote Denial of Service Flaw. Read more www.debian.org: DSA-678-1 netkit-rwho -- missing input validation. Read more www.debian.org: DSA-677-1 sympa -- buffer overflow. Read more www.debian.org: DSA-676-1 xpcd -- buffer overflow. Read more   News: www.microsoft.com: Proof-of-Concept Code Increases Risk to Computer Users. Read more www.theregister.co.uk: Browser holes, hackers and rampaging botnets. Read more www.theregister.co.uk: Patch now against virus-writing clowns. Read more www.betanews.com: Exploit Forces MSN Messenger Upgrade. Read more www.eweek.com: All Eyes Turn to Microsoft at RSA Security Powwow. Read more www.infoworld.com: Microsoft pushes into crowded security theater. Read more www.theregister.co.uk: Opera to MS: Get real about interoperability, Mr Gates. Read more www.infoworld.com: IM viruses: The next big threat? Read more www.theregister.co.uk: UK firms warned of corporate hijack risk. Read more www.theregister.co.uk: Man charged in DEC hacking case. Read more www.theregister.co.uk: Dating scammers fined �68k. Read more informationweek.com: IBM Sees Hackers Going Mobile, Targeting Phones, Handhelds And Cars. Read more

11 February 2005 Guides, Papers, etc www-1.ibm.com: IBM Report: Surge in Viruses and Worms Targeting Mobile Devices, Satellite Communications Anticipated in 2005. Read more   Vulnerabilities & Exploits securitytracker.com: DelphiTurk FTP Discloses Passwords to Local Users. Read more securitytracker.com: BrightStor ARCserve Backup Buffer Overflow in Discovery Service Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: MercuryBoard 'func/post.php' Input Validation Error ini'qu' Parameter Lets Remote Users Inject SQL Commands. Read more securitytracker.com: MyPHP Forum Input Validation Holes Let Remote Users Inject SQL Commands. Read more securitytracker.com: ArGoSoft Mail Server Input Validation Holes Allow Remote Authenticated Users to Upload/Download Files and Create/Delete Directories. Read more www.idefense.com: Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor. Read more www.k-otik.com: Yongguang Zhang Hztty Local Privilege Escalation Vulnerability. Read more xforce.iss.net: F-Secure AntiVirus Library Heap Overflow. Read more www.idefense.com: IBM AIX lspath Local File Access Vulnerability. Read more www.debian.org: DSA-675-1 hztty -- privilege escalation. Read more www.debian.org: DSA-674-1 mailman -- cross-site scripting, directory traversal. Read more www.debian.org: DSA-673-1 evolution -- integer overflow. Read more www.debian.org: DSA-672-1 xview -- buffer overflows. Read more   News: www.theregister.co.uk: Symantec anti-virus flaw hits 30 products. Read more www.zdnet.com.au: Symantec flaw leaves opening for viruses. Read more www.techweb.com: Microsoft Acquisition Rattles Security Firms' Investors. Read more www.securityfocus.com: Hackers sued for tinkering with Xbox games. Read more www.theregister.co.uk: Pfizer and MS sue Viagra spam gangs. Read more news.com.com: Spyware takes aim at Mozilla browsers. Read more news.com.com: Microsoft probes anti-spyware Trojan. Read more news.com.com: Vigilantes launch attack on scam sites. Read more www.theregister.co.uk: Beware the unexpected attack vector. Read more www.theregister.co.uk: Small.biz gets the virus jitters. Read more www.wwwcoder.com: Avoid Internet Theft, Fraud and Phishing. Read more news.com.com: Movie blackout for P2P networks? Read more www.infoworld.com: Exploit released for MSN Messenger 'avatar' hole. Read more news.com.com: Tech execs ask Bush for cybersecurity commission. Read more

10 February 2005 Guides, Papers, etc www.securityfocus.com: Penetration Testing IPsec VPNs. Read more www.microsoft.com: Preventing Lockups When Upgrading to Windows XP Service Pack 2. Read more story.news.yahoo.com: For Spammers, Worm Turns a Profit. Read more   Vulnerabilities & Exploits www.immunitysec.com: SMB remote vulnerabilities in Windows. Read more www.k-otik.com: Netscape Browser Multiple Drag and Drop Vulnerabilities. Read more www.idefense.com: IBM AIX auditselect Local Format String Vulnerability. Read more www.k-otik.com: Microsoft Hyperlink Object Library Remote Code Execution / MS05-015. Read more www.k-otik.com: Microsoft Internet Explorer Cumulative Security Update / MS05-014. Read more www.k-otik.com: Microsoft DHTML Editing Component ActiveX Control Issue / MS05-013. Read more www.k-otik.com: Microsoft OLE and COM Structured Storage Vulnerability / MS05-012. Read more www.k-otik.com: Microsoft Server Message Block (SMB) Remote Code Execution / MS05-011. Read more www.k-otik.com: Microsoft Windows License Logging Service Vulnerability / MS05-010. Read more www.k-otik.com: Microsoft Products PNG Processing Remote Code Execution / MS05-009. Read more www.k-otik.com: Microsoft Windows Shell Drag and Drop Vulnerability / MS05-008. Read more www.k-otik.com: Windows Named Pipe Connection Information Disclosure / MS05-007. Read more www.k-otik.com: Windows SharePoint & SharePoint Team Services XSS / MS05-006. Read more www.k-otik.com: Microsoft Office XP Remote Code Execution Vulnerability / MS05-005. Read more www.k-otik.com: Microsoft ASP.NET Path Validation Vulnerability / MS05-004. Read more www.coresecurity.com: MSN Messenger PNG Image Parsing Vulnerability. Read more xforce.iss.net: Symantec AntiVirus Library Heap Overflow. Read more securitytracker.com: SafeNet SoftRemote VPN Client Discloses Key to Local Users. Read more securitytracker.com: 3Com 3CServer FTP Command Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: PostWrap Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: RealArcade Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: SquirrelMail S/MIME Plugin Lets Remote Authenticated Users Execute Arbitrary Commands. Read more securitytracker.com: ALSA Utilities Unsafe Temporary File May Let Local Users Gain Root Privileges. Read more securitytracker.com: Mozilla Firefox 'run-mozilla.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: 602LAN SUITE Input Validation Bug Lets Remote Authenticated Users Upload and Execute Files. Read more securitytracker.com: Netscape IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read more securitytracker.com: Mozilla Firefox Hybrid Image Bug Allows Batch Statements to Be Draged to the Desktop and Tabbed Javascript Bugs Let Remote Users Access Other Windows. Read more lists.netsys.com: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability. Read more   News: www.microsoft.com: Microsoft Security Bulletin Summary for February, 2005. Read more www.theregister.co.uk: Banking Trojan disables MS Anti-Spyware. Read more www.theregister.co.uk: Microsoft posts record 13 patches. Read more news.com.com: Symantec flaw leaves opening for viruses. Read more www.securityfocus.com: Hackers sued for tinkering with Xbox games. Read more www.securityfocus.com: Unexpected Attack Vectors. Read more www.securityfocus.com: Of Dog Sniffs and Packet Sniffs. Read more www.theregister.co.uk: My car has a virus (and other security threats). Read more www.theregister.co.uk: Vendors exit anti-spyware group. Read more www.vnunet.com: Europeans unite to track spammers. Read more www.vnunet.com: IT experts join EU security agency. Read more www.vnunet.com: Spoofing flaw hits web browsers. Read more www.vnunet.com: Microsoft boosts security with Sybari buy. Read more

08 February 2005 Guides, Papers, etc www.cs.ucsd.edu: Internet Outbreaks: Epidemiology and Defenses. Read more   Vulnerabilities & Exploits www.k-otik.com: Multiple Browsers URL and SSL Certificates Spoofing Vulnerability. Read more www.k-otik.com: 3CServer Multiple FTP Commands buffer overflow Vulnerability. Read more www.idefense.com: SquirrelMail S/MIME Plugin Command Injection Vulnerability. Read more www.idefense.com: IBM AIX chdev Local Format String Vulnerability. Read more securitytracker.com: Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code. Read more securitytracker.com: Mozilla Firefox IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read more securitytracker.com: OmniWeb IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read more securitytracker.com: KDE Konqueror IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read more securitytracker.com: Opera IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read more securitytracker.com: Apple Safari IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates. Read morez securitytracker.com: Linux Kernel NTFS File System Error Messages May Let Users Deny Service. Read more securitytracker.com: DelphiTurk CodeBank Discloses Passwords to Local Users. Read more securitytracker.com: BXCP Lets Remote Users Include and Execute Local PHP Files. Read more securitytracker.com: xGB Grants Administrative Access to Remote Users. Read more securitytracker.com: PerlDesk Input Validation Hole in 'view' Parameter Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Frox Deny ACL Parsing Flaw in parse_match() May Let Remote Users. Read more www.debian.org: DSA-669-1 php3 -- several vulnerabilities. Read more www.mikx.de: Firetabbing - Proof-of-Concept. Read more   News: www.theregister.co.uk: Firefox spoofing flaw goes international. Read more news.zdnet.co.uk: Phishing flaw found - but not in IE. Read more www.theregister.co.uk: MCI 'makes $5m a year from spam gangs'. Read more www.theregister.co.uk: Key Windows man leaves Redmond. Read more news.zdnet.co.uk: Hacking fears hit e-voting plans. Read more news.zdnet.co.uk: UK man arrested in phishing probe. Read more news.com.com: More Microsoft phishing attacks. Read more

07 February 2005 Guides, Papers, etc zeedo.blogspot.com: Multiple AV vendors ignoring tar.gz. Read more www.scs.carleton.ca: DNS-based Detection of Scanning Worms in an Enterprise Network. Read more   Tools www.flowsecurity.org: Flaw Seeker - Buffer Overflow Tracking Tool. Read more   Vulnerabilities & Exploits www.k-otik.com: IBM AIX "auditselect" Local Format String Vulnerability. Read more www.securitytracker.com: RaidenHTTPD Input Validation Flaw Discloses Files to Remote Users. Read more www.securiteam.com: NewsPost Buffer Overflow Exploit. Read more   News: www.pcworld.idg.com.au: MSN Messenger worm raised to medium threat. Read more www.vnunet.com: Eudora open to multiple high risk flaws. Read more www.sun-sentinel.com: Online banking victim files suit; $90,000 lifted from account traced to Latvia. Read more www.oreillynet.com: Complaint Dropped Against DDoS Mafia. Read more www.neowin.net: Neowin Talks Security with Microsoft. Read more news.zdnet.com: Study: Few bugs in MySQL database. Read more news.zdnet.com: Gosling: Huge security hole in .Net. Read more news.com.com: Hate messages on Google site draw concern. Read more www.yonhapnews.co.kr: S. Korean Company Web Site Hacked by Anti-American Islamic Group. Read more www.theinquirer.net: Spammers play illegal XP Windows card. Read more www.gamespot.com: Yahoo! sues Xfire for patent infringement. Read more www.computerworld.com: Gates promotes government cooperation with security focus. Read more management.silicon.com: Spyware bill raises cookie fears. Read more

06 February 2005 Guides, Papers, etc www.benedelman.org: How VeriSign Could Stop Drive-By Downloads. Read more www.eecs.umich.edu: The Internet Motion Sensor: A distributed blackhole monitoring system. Read more   Vulnerabilities & Exploits www.securitytracker.com: Microsoft Outlook Web Access 'owalogon.asp' Lets Remote Users Redirect Login Request. Read more www.securitytracker.com: Apple Safari Incorrectly Renders Text as HTML in Certain Cases. Read more   News: www.theregister.co.uk: Reboot daily, Tablet users advised. Read more castlecops.com: WEBROOT Resigns From Consortium Of Anti-Spyware Technology Vendors (COAST). Read more searchsecurity.techtarget.com: Compressed files strike another blow to AV. Read more www.pcworld.com: Are You Responsible for Internet Security? Read more www.eweek.com: Chicken Swimsuit Model Hides Nasty Worm. Read more www.eweek.com: MySQL Criticized in Wake of MySpooler Worm. Read more dsc.discovery.com: Microbots Grow Own Muscles from Cells. Read more

05 February 2005 Guides, Papers, etc sfgate.com: Why Does Windows Still Suck? Why do PC users put up with so many viruses and worms? Why isn't everyone on a Mac? Read more   Vulnerabilities & Exploits www.debian.org: DSA-668-1 postgresql -- privilege escalation. Read more www.debian.org: DSA-667-1 squid -- several vulnerabilities. Read more www.debian.org: DSA-666-1 python2.2 -- design flaw. Read more www.debian.org: DSA-665-1 ncpfs -- missing privilege release. Read more   News: www.theregister.co.uk: MSN Messenger worm seeds zombie networks. Read more news.zdnet.co.uk: MSN Messenger hit by double-whammy worm. Read more www.securityfocus.com: FBI e-mail breach feared. Read more www.theregister.co.uk: Fake tsunami appeal website terminated. Read more www.theregister.co.uk: JK Rowling warns on Harry Potter phishing scam. Read more www.it-observer.com: Beware of WiPhishing: Cirond Warns of New Wireless Security Danger. Read more www.sophos.com: Blackpool man arrested for phishing, Sophos reports. Read more news.zdnet.co.uk: Pensioners pioneer Internet security. Read more news.zdnet.co.uk: Email meltdown claims slammed. Read more www.chron.com: Spam has new way to evade security. Read more www.thewhir.com: Microsoft Unveils Search Engine. Read more athens-olympics-2004.newkerala.com: New disc to store hundreds of movies. Read more

04 February 2005 Guides, Papers, etc www.vnunet.com: Bugwatch: The commercialisation of malware. Read more security-papers.globint.com.a: Advanced SQL Injection in Oracle databases. Read more www.hackbusters.net: Worm and Virus Defense: How We Can Protect the Nation�s Computers From These Threats Today. Read more www.securityfocus.com: Linux Kernel Security is Lacking. Read more   Tools cse.msstate.edu: Travesty is an interactive program for managing the hardware addresses (MAC) of ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address. It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Read more   Vulnerabilities & Exploits www.clickrisk.com: Clickrisk Advisory: Keyword Hijacking / Google Adwords Flaw. Read more www.k-otik.com: DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities. Read more securitytracker.com: Python SimpleXMLRPCServer May Let Remote Users Access Internal Data or Execute Arbitrary Code. Read more securitytracker.com: LANChat Pro Can Be Crashed By Remote Users. Read more securitytracker.com: Mambo Bugs in Processing Global Variables Let Remote Users Gain Administrative Access. Read more securitytracker.com: SunShop Shopping Cart Input Validation Hole in 'search' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: ngIRCd Format String Flaw in Log_Resolver() Grants Access to Remote Users. Read more securitytracker.com: ht://dig Unspecified Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: D-BUS Allows Local Users to Connect to the Session Bus. Read more securitytracker.com: Eudora Bugs in Processing E-mail, Stationary Files, or Mailbox Files Let Remote Users Execute Arbitrary Code. Read more   News: www.securityfocus.com: Supreme Court puts hacker sentences up for grabs. Read more www.computerworld.com: The dollars and cents of hacking. Read more www.theregister.co.uk: Botnets strangle Google Adwords campaigns. Read more www.theregister.co.uk: Worm poses as Saddam death pics. Read more www.ciol.com: New worm spreads via MSN Messenger. Read more www.vnunet.com: Spyware plague triples in three months. Read more www.vnunet.com: Spammers turn to directory harvest attacks. Read more www.eweek.com: Microsoft Preps 13 Security Advisories. Read more www.vnunet.com: Microsoft tackles governmental IT security. Read more www.theregister.co.uk: DEC warns of fake tsunami appeal website. Read more

03 February 2005 Guides, Papers, etc www.securityfocus.com: Apache 2 with SSL/TLS: Step-by-Step, Part 2. Read more www.peterszor.com: WORM WARS. Read more   Vulnerabilities & Exploits securitytracker.com: Cisco IP/VC Hard-Coded SNMP Community Strings Let Remote Users Access the Device. Read more securitytracker.com: Painkiller Buffer Overflow in Processing Gamespy cd-key Hash Value Lets Remote Users Crash the Game. Read more securitytracker.com: DeskNow Mail and Collaboration Server Directory Traversal Flaw Lets Remote Authenticated Users Upload and Delete Arbitrary Files. Read more securitytracker.com: Newspost Buffer Overflow in socket_getline() Lets Remote Users Crash the Process. Read more securitytracker.com: newsgrab Has Unsafe Directory Permissions and Lets Remote Users Cause Files to Be Saved to Alternate Locations. Read more securitytracker.com: RealPlayer Lets Remote Users Load Scripting Code from Local Files. Read more securitytracker.com: newsfetch sscanf Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Eurofull E-Commerce 'mensresp.asp' Permits Cross-Site Scripting Attacks. Read more www.securiteam.com: Microsoft Internet Explorer .ANI Files Handling ConnectBack Exploit (MS05-002). Read more www.debian.org: DSA-664-1 cpio -- broken file permissions. Read more   News: news.com.com: Zombie trick expected to send spam sky-high. Read more www.theregister.co.uk: Heise.de under DDoS attack. Read more news.com.com: Clueless about cookies or spyware? Read more www.vnunet.com: Wireless networks still open to drive-by hacks. Read more news.zdnet.co.uk: Phishers go for Potter fans. Read more news.zdnet.co.uk: Netscape gets 'No Phishing' sign. Read more news.zdnet.co.uk: Spammers 'tricking ISPs' into sending junk mail. Read more www.net4nowt.com: Magazine warns of greater hacking risk to broadband users. Read more news.com.com: Is hard time for worm author too harsh? Read more www.theregister.co.uk: Root kit surfaces after Jabber attack. Read more www.it-observer.com: Beyond the Patch Rat Race: Tools and Best Practices for Bastion Hosts O'Reilly Releases "Linux Server Security". Read more www.theregister.co.uk: SunnComm fixes 'Shift Key' embarrassment. Read more www.russellbeattie.com: Hacker attack post-mortem. Read more uk.news.yahoo.com: Singing worm abuses victims. Read more www.vnunet.com: The 'hacker tool' worm that gurned. Read more www.webuser.co.uk: Gurning worm welcomes hackers. Read more

02 February 2005 Guides, Papers, etc engr.smu.edu: Intrusion Detection for Viruses and Worms. Read more   Vulnerabilities & Exploits www.k-otik.com: Squid Handling of Oversized Reply Headers Vulnerability. Read more www.milw0rm.com: TinyWeb Server DoS Exploit. Read more secunia.com: RealPlayer RealMedia ".rm" Security Bypass Vulnerability. Read more www.debian.org: DSA-663-1 prozilla -- buffer overflows. Read more www.debian.org: DSA-662-1 squirrelmail -- several vulnerabilities. Read more www.securitytracker.com: Eurofull E-Commerce 'mensresp.asp' Permits Cross-Site Scripting Attacks. Read more   News: www.pcworld.idg.com.au: Microsoft seen poised to push anti-virus. Read more en.chinabroadcast.cn: Microsoft Enters Search Engine Battle. Read more en.chinabroadcast.cn: Microsoft Formally Launches Search Engine. Read more www.theregister.co.uk: Undead worms infest Windows PCs (again). Read more www.pcworld.idg.com.au: The Worm That Gurned � Email Virus Pulls A Funny Face, Sophos Reports. Read more news.zdnet.com: Zafi virus a top holiday hangover. Read more news.zdnet.com: Microsoft: SP2 shimmy's not a flaw. Read more news.zdnet.co.uk: Worm hijacks open source database. Read more www.theregister.co.uk: UK targets scammers in month-long campaign. Read more news.zdnet.com: Microsoft kicks off search effort. Read more

01 February 2005 Guides, Papers, etc www.theregister.co.uk: Interview with a link spammer. Read more www.securityfocus.com: Microsoft's Velvet Glove. Read more www.ngssoftware.com: Security Best Practice: Host Naming & URL Conventions. Read more www.astalavista.com: Web Services � Attacks and Defense. Read more www.pcworld.com: Create Your Own Windows Security Analysis Tool. Read more www.research.ibm.com: Computers and Epidemiology. Read more   Tools www.diamondcs.com.au: Advanced Process Manipulation. DiamondCS APM is an advanced process/module viewer and manipulation utility that allows unique control over target processes by becoming a part of them. Read more   Vulnerabilities & Exploits securitytracker.com: ngIRCd Buffer Overflow in Lists_MakeMask() Lets Remote Users Deny Service. Read more securitytracker.com: Eternal Lines Web Server Lets Remote Users Deny Service With Multiple Simultaneous Connections. Read more securitytracker.com: Squid Buffer Overflow in WCCP recvfrom() Lets Remote Users Deny Service. Read more securitytracker.com: Captaris Infinite Mobile Delivery Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks and Determine the Installation Path. Read more securitytracker.com: Xpand Rally Memory Allocation Error Lets Remote Users Deny Service. Read more securitytracker.com: JShop Input Validation Flaw in 'product.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: cpio -O Unsafe umask May Let Local Users Read or Overwrite Archives. Read more securitytracker.com: CitrusDB Discloses Credit Card Import/Export Data to Remote Users. Read more securitytracker.com: Juniper JUNOS Unspecified Packet Processing Error Lets Remote Users Deny Service. Read more www.k-otik.com: Microsoft Windows XP SP2 Heap protection and DEP bypass Issue. Read more   News: www.betanews.com: New Sober Worm Surfaces. Read more www.scmagazine.com: New virus tells victims they are idiots. Read more news.zdnet.co.uk: Microsoft's anti-piracy plan condemned. Read more www.vnunet.com: Linux security is a 'myth', claims Microsoft. Read more www.gcn.com: Is a new ID theft scam in the wings? Read more www.antiphishing.org: Amazon.com- 'Account Verification Notice'. Read more news.zdnet.co.uk: Capital One takes online banking offline. Read more www.theregister.co.uk: Blaster copycat author jailed for 18 months. Read more www.theinquirer.net: Wireless security keys can be read. Read more www.theregister.co.uk: Dutch turn town into supercomputer. Read more

Copyright� MegaSecurity.org