Home    News Archive    Translate Traducen

News November 2004

30 November 2004 Tools ircdefender.sourceforge.net: IRC Defender is a program designed for IRC networks, written in perl. It is a modular security service which amongst other things will keep virus and trojan drones from your network, allow you to set akills using regular expressions, and will prevent abuse of CGI:IRC proxies. Read more www.openwall.com: Linux kernel patch from the Openwall Project. This patch is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. Read more   Guides, Papers, etc www.securityfocus.com: Seeds of Disaster. Read more www.lurhq.com: Managing the Vulnerability Landscape. Read more This Month's Threat Overview: * The Future of Exploitation * JPEG Virus -- Looking Past the Hype Read more antivirus.about.com: The secrets to MyDoom's success. Read more www.spectrum.ieee.org: The Dawn of the E-Bomb. Read more   Vulnerabilities & Exploits www.securiteam.com: PHP memory_limit Exploit Code. Read more www.securiteam.com: Remote Buffer Overflow in Prozilla. Read more www.securitytracker.com: WS_FTP Buffer Overflow in Processing Certain FTP Commands Lets Remote Users Execute Arbitrary Code. Read more www.securiteam.com: WS_FTP Server MKD Buffer Overflow (Exploit). Read more www.securiteam.com: CMailServer WebMail Multiple Vulnerabilities. Read more www.securiteam.com: MailEnable IMAP Service Remote Buffer Overflow. Read more www.securiteam.com: Limited Buffer Overflow and Arbitrary Memory Access in Star Wars Battlefront. Read more www.securitytracker.com: MDaemon System Tray Icon Lets Local Users Gain System Privileges. Read more www.securitytracker.com: Orbz Buffer Overflow in JOIN Packet Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Games Using the Serious Engine Can Be Crashed By Remote Users. Read more www.securiteam.com: phpCMS Cross Site Scripting and Information Disclosure Issues. Read more www.securiteam.com: phpBB SQL Injection and Attachmodule Add-On Directory Traversal. Read more www.securiteam.com: phpBB admin_cash.php File Include Vulnerability (Exploit). Read more xforce.iss.net: Microsoft WINS Server Vulnerability. Read more www.debian.org: DSA-602-1 libgd2 -- integer overflow. Read more www.debian.org: DSA-601-1 libgd -- integer overflow. Read more   News: www.theregister.co.uk: Is Microsoft creating tomorrow's IE security holes today? Read more news.zdnet.co.uk: Skulls Trojan teams up with Cabir worm. Read more www.sophos.com: Police question notorious ex-virus writer and confiscate computers, Sophos reports. Read more www.techworld.com: Windows SP2 security compromised. Read more news.zdnet.co.uk: Ex-virus writer questioned over Slammer. Read more www.arabnews.com: Hacker Extraordinaire Turns Security Expert. Read more www.it-observer.com: SCO Website Defaced Again. Read more news.zdnet.co.uk: Microsoft: No SP5 for Windows 2000. Read more www.pcworld.com: The Cost of Virus Protection Rises. Read more wave3.com: Email 'Phishing' Can Fool Even Savvy Consumers. Read more www.theregister.co.uk: SCO hacked in apparent IP protest. Read more

29 November 2004 Tools www.nu2.nu: Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD. Read more   Guides, Papers, etc www.rootkit.com: Windows File Protection: How To Disable It On The Fly. Read more   Vulnerabilities & Exploits www.immunitysec.com: Wins.exe remote vulnerability. Read more www.k-otik.com: php 4.3.7 and 5.0.0RC3 memory_limit Remote Exploit. Read more   News: www.eweek.com: Study: Tools Let Spyware Slip Through Cracks. Read more www.newsforge.com: SCO hacked over Thanksgiving Holiday. Read more www.mosnews.com: Hackers Put Stolen Tax Police Database Up for Sale in Moscow. Read more www.microscope.co.uk: Virus protection is easier than you think. Read more www.eweek.com: Symbian Says Skulls May Not Be Malware. Read more www.linuxinsider.com: Lies, Damn Lies and Computer Security. Read more www.thisislondon.com: Huge computer failure cripples benefits system. Read more times.hankooki.com: Hackers Pocket W16 Billion in Cyber Cash. Read more computerworld.co.nz: Hacker evidence could be accepted in court. Read more www.pcworld.com: Online Identity Theft: Many Medicines, No Cure. Read more

28 November 2004 Tools Microsoft Baseline Security Analyzer V1.2.1. Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server� 2003, Windows� 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies. Read more support.microsoft.com: Mydoom, Zindos, and Doomjuice Worm Removal Tool. Read more www.microsoft.com: Blaster Worm Removal Tool for Windows XP and Windows 2000 (KB833330). Read more support.microsoft.com: Sasser (A-F) Worm Removal Tool. Read more   Guides, Papers, etc www.trapkit.de: Virtual Machine Monitors. Read more www.cfp2005.org: The 15th annual conference on Computers, Freedom & Privacy takes place from Tuesday, April 12th, to Friday, April 15th, 2005, in Seattle, Washington. Read more   Vulnerabilities & Exploits freehost07.websamba.com/greyhats Help ActiveX Control Related Topics Local Content Accessing Vulnerability. Read more www.securitytracker.com: Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitary Code. Read more insecure.hopto.org Here are two IE flaws. Read more www.nobodix.org How to reset the Domain Admin Password under Windows 2003 Server. Read more www.jms1.net: Unlocking Windows NT/2000/2003 Domain Controllers. Read more   News: www.winnetmag.com: Anti-Spam Vigilante Redux. Read more www.theinquirer.net: Fresh but old Internet Explorer flaw found. Read more www.technewsworld.com: Moral Dilemma: Hackers for Hire. Read more www.benedelman.org: Who Profits from Security Holes? Read more castlecops.com: Did you actually win the lottery, or is it just a Phishing scam? Read more www.computerweekly.com: Phishing spreads net wider. Read more www.infoworld.com: Microsoft offers to replace fake copies of Windows XP. Read more times.hankooki.com: Hackers Pocket W16 Billion in Cyber Cash. Read more

27 November 2004 Guides, Papers, etc books.slashdot.org: Malware - Fighting Malicious Code. Read more www.419eater.com: THE 419 EATER SCAM BAITING SECTION. Read more   Vulnerabilities & Exploits www.edup.tudelft.nl: FIREFOX flaws: nested array sort() loop Stack overflow exception. Read more www.felinemenace.org: Remote exploit for the php memory_limit vulnerability. Read more www.immunitysec.com: Wins.exe remote vulnerability. Read more www.securitytracker.com: phpCMS Input Validation Bug in 'parser.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Atari800 Buffer Overflow in Atari800_Initialise() May Let Local Users Gain Root Privileges. Read more www.zone-h.org: Image Download Spoofing in Microsoft Internet Explorer. Read more www.zone-h.org: Remote buffer overflow in MailEnable IMAP service. Read more   News: www.theregister.co.uk: Phishers tapping botnets to automate attacks. Read more www.vnunet.com: Hackers exploit critical Winamp flaw. Read more www.techworld.com: WinAmp security hole deepens. Read more www.securityfocus.com: Profitware. Read more www.secretservice.gov: PUBLIC AWARENESS ADVISORY REGARDING "4-1-9" OR "ADVANCE FEE FRAUD" SCHEMES. Read more www.theregister.co.uk: Lycos screensaver to blitz spam servers. Read more news.zdnet.co.uk: Government says Finnish with IE 6. Read more www.vnunet.com: Sun moves to eclipse Java hackers. Read more www.theregister.co.uk: Social engineering - where the user is the weakest link. Read more www.vnunet.com: Bugwatch: The hidden hazards of passwords. Read more www.techworld.com: Hacker evidence admissible in court? Read more www.nowtoronto.com: Phish scams make waves. Read more

26 November 2004 Tools www.edup.tudelft.nl: Beta v1.0: Multi-format shellcode encoding tool. Read more   Guides, Papers, etc msdn.microsoft.com: Browsing the Web and Reading E-mail Safely as an Administrator. Read more bcheck.scanit.be: Browser Security test. Read more   Vulnerabilities & Exploits www.k-otik.com: Winamp <= 5.06 "IN_CDDA.dll" Remote Buffer Overflow Exploit. Read more www.edup.tudelft.nl: MSIE flaws: nested array sort() loop Stack overflow exception. Read more www.securitytracker.com: Cyrus IMAP 'imap magic plus' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: MailEnable Stack Overflow and Pointer Overwrite in IMAP Service Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: YardRadius Buffer Overflow in process_menu() Lets Remote Users Execute Arbitrary Code. Read more www.securiteam.com: SecureCRT Remote Command Execution. Read more www.securiteam.com: Atari800 Local Privileges Escalation. Read more www.securiteam.com: Jabberd Remote Buffer Overflows. Read more www.securiteam.com: KorWeblog Directory Traversal Vulnerability. Read more www.securiteam.com: Winamp IN_CDDA.dll Remote Buffer Overflow Exploit. Read more www.securityfocus.com: FIREFOX flaws: nested array sort() loop Stack overflow exception. Read more www.debian.org: DSA-599-1 tetex-bin -- integer overflows. Read more www.debian.org: DSA-598-1 yardradius -- buffer overflow. Read more www.debian.org: DSA-597-1 cyrus-imapd -- buffer overflow. Read more   News: www.theregister.co.uk: Warning: critical Winamp vuln. Read more www.virusbtn.com: Standardised malware naming for the new year. Read more news.zdnet.co.uk: CIA funds chatroom surveillance. Read more news.zdnet.co.uk: Gartner: Beware of Bofra exploit. Read more www.chron.com: Cell phones getting hackers' attention. Read more www.globetechnology.com: Hacker puts obscene message on traffic sign. Read more nwc.linuxpipeline.com: Ad Firm Describes Hacker Attack, Cites Internet Explorer As Security Risk. Read more www.biosmagazine.co.uk: Preparing for 'day zero' security attacks. Read more www.it-observer.com: Phishing Scams Increase Dramatically. Read more news.zdnet.co.uk: Phishers set to hook festive haul. Read more www.microscope.co.uk: Thought for the day: Web of deceit. Read more news.zdnet.co.uk: Kazaa creates worst spyware threat, says CA. Read more www.theregister.co.uk: Hacking tool 'draws FBI subpoenas'. Read more

25 November 2004 Tools download.boson.com: Cisco Routers can encypt passwords. One way to do this is through "SERVICE PASSWORD-ENCRYPTION". GetPass (networking tool) decrypt those passwords. Read more www.openwall.com: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction. Read more www.deepnetexplorer.com: DeepNet Technologies will release its DeepNet 3.1 browser on 1 December, and says it will contain functionality to combat the ever-growing threat of phishing. Read more   Guides, Papers, etc spywarewarrior.com: Anti-Spyware Test (Guide). Read more www.rootkit.com: Windows File Protection: How To Disable It On The Fly. Read more www.linklings.net: Models of Active Worm Defenses (pdf). Read more   Vulnerabilities & Exploits www.securitytracker.com: CMailServer Buffer Overflow 'CMailCOM.dll' Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: DC Open Hub Buffer Overflow in RedirectAll Lets Remote Authenticated Administrators Execute Arbitrary Code. Read more www.securitytracker.com: DeSofto MyProxy Lets Remote Authenticated Users Connect to Arbitrary Ports and Hosts. Read more www.securitytracker.com: Win FTP Server Discloses Passwords to Local Users. Read more www.securitytracker.com: Soldier of Fortune II Buffer Overflow Lets Remote Users Deny Service. Read more www.securiteam.com: Sun Java Plugin Arbitrary Package Access Vulnerability. Read more www.securiteam.com: Citrix Server Allows Key Logging Functionality. Read more www.securiteam.com: Winamp IN_CDDA.dll Buffer Overflow. Read more www.securiteam.com: phpBB Remote Command Execution (Viewtopic.php Highlight). Read more www.debian.org: DSA-596-1 sudo -- missing input sanitising. Read more   News: www.securityfocus.com: Defendant: Microsoft source code sale was a setup. Read more nwc.linuxpipeline.com: Hackers Get Creative With Unpatched IE Bug. Read more www.securityfocus.com: Hacking tool reportedly draws FBI subpoenas. Read more timesofindia.indiatimes.com: Hackers strike sites at will, govt helpless. Read more www.techny.com: Hidden Trojan In �Click Here to Remove� Turns PCs Into Spammers� Dream. Read more www.crn.com: Bot Networks Behind Big Boost In Phishing Attacks. Read more www.theregister.co.uk: Career database 'wide open' to hijacking. Read more itvibe.com: Virus author stalks Asian pop idol. Read more news.bbc.co.uk: Hi-tech tools fuel phishing boom. Read more www.theregister.co.uk: Italian Senate in gay porn worm attack outrage. Read more

24 November 2004 Guides, Papers, etc www.securityfocus.com: SSH and ssh-agent. Read more   Vulnerabilities & Exploits www.securiteam.com: WeOnlyDo! COM FTP DELUXE ActiveX Control Overflow Exploit. Read more www.securiteam.com: CoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit. Read more www.securiteam.com: Prevx Home Intrusion Prevention Features can be Disabled by Direct Service Table Restoration. Read more www.securiteam.com: Halo Broadcast Client Crash. Read more www.securiteam.com: PHPKit SQL Injection and XSS Vulnerabilities. Read more www.securiteam.com: Cyrus IMAP Server Multiple Remote Vulnerabilities. Read more www.securitytracker.com: Prevx Home Protection Mechanisms Can Be Disabled By Local Adminsitrative Users. Read more www.securitytracker.com: Van Dyke SecureCRT May Let Remote Users Execute Arbitrary Scripting Commands. Read more www.securitytracker.com: Winamp Buffer Overflow in IN_CDDA.dll Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: S-Mart Shopping Cart Script Discloses Configuration File to Remote Users. Read more www.securitytracker.com: NuKed-KlaN Input Validation Hole in Web Site Links Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: SecretSanta Lets Remote Users Gain Elevated Privileges Within the Application. Read more www.debian.org: DSA-595-1 bnc -- buffer overflow. Read more aluigi.altervista.org: Broadcast memory corruption in Soldier of Fortune II 1.03. Read more aluigi.altervista.org: An introduction to the Fake players bug and DoS 0.1.1. Read more   News: Ill News for Illwill **By Roberta Bragg Last week William Genovese, a.k.a. "illwill," was arrested and charged with selling Windows 2000 and Windows NT 4.0 source code. The source code was purportedly stolen from the drives of a computer owned by longtime Microsoft partner Mainsoft Corp. The arrest was the result of the work of an online security investigator hired by Microsoft, the U.S. Attorney's office and the FBI. Genovese has a previous conviction, in March of 2003, for eavesdropping when he wrote a virus used to hack into computers. Genovese, 27, of Meriden, Connecticut, faces a maximum sentence of 10 years in prison and a fine of $250,000 if convicted. Criminal Complaint against illwill (pdf): Read more By Fyodor With increasing regularity this year, FBI agents from all over the country have contacted me demanding webserver log data from Insecure.Org. They don't give me reasons, but they generally seem to be investigating a specific attacker who they think may have visited the Nmap page at a certain time. If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.tgz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer. So far, I have never given them anything. In some cases, they asked too late and data had already been purged through our data retention policy. In other cases, they failed to serve the subpoena properly. Sometimes they try asking without a subpoena and give up when I demand one. One can argue whether helping the FBI is good or bad. Remember that they might be going after spammers, cyber-extortionists, DDOS kiddies,etc. In this, I wish them the best. Nmap was designed to help security -- the criminals and spammers put my work to shame! But the desirability of helping the FBI is immaterial -- I may be forced by law to comply with legal, properly served subpoenas. At the same time, I'll try to fight anything too broad (like if they ask for weblogs for a whole month). Protecting your privacy is important to me, but Nmap users should be savvy enough to know that all of your network activity leave traces. I'm not the only one who gets these subpoenas -- large ISPs and webmail providers receive them daily. Most other major security sites probably do too. Most of you probably don't care if someone finds out that you downloaded Nmap, Nessus, Hping2, John the Ripper, etc. Nothing on Insecure.Org is illegal. But for those of you who do care, there are plenty of mechanisms available to preserve your anonymity. Remember this security mantra: defense in depth. Cheers, Fyodor www.vnunet.com: Tasin worms ate my Windows files. Read more www.webuser.co.uk: Five new worms target surfers. Read more www.theregister.co.uk: Mozilla Firefox, Microsoft's 'enemy within'? Read more www.theregister.co.uk: Fraudsters recruit phishing middlemen. Read more news.com.com: Automated phishing on the rise. Read more news.com.com: Phishing--who's taking the bait now? Read more www.timesonline.co.uk: Bank fraud phishers move to China as the fightback begins. Read more www.washtimes.com: Phishers use more sites to reel in data on accounts. Read more www.theregister.co.uk: Google sued by smut peddler. Read more www.newsfactor.com: Hacker Exploit Spreads Virus Through Banner Ads. Read more

23 November 2004 Guides, Papers, etc www.astalavista.com: Video tutorial on APR-DNS Poisoning, Redirecting the flow of traffic. Download www.pcworld.com: Keep Your PC Hidden From the Bad Guys. Read more   Vulnerabilities & Exploits www.securitytracker.com: DynaZip Buffer Overflow in Processing Long Filenames May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apple iCal Calendar Import May Let Remote Users Add Unauthorized Alarm Actions. Read more www.securitytracker.com: Sun Java Plug-in Java-to-Javascript Bug Lets Remote Applets Execute Arbitrary Code. Read more www.securitytracker.com: Prevx Home Protection Mechanisms Can Be Disabled By Local Adminsitrative Users. Read more www.securiteam.com: Windows Compressed Zip File Exploit Code (MS04-034). Read more www.securiteam.com: TWiki Search Function Arbitrary Command Execution (Exploit). Read more www.securiteam.com: Circumvent Windows XP SP2 Security Features using execCommand 'SaveAs' Function. Read more www.securiteam.com: DMS POP3 Server USER Buffer Overflow (Exploit). Read more www.securiteam.com: Privilege Escalation in Mailtraq. Read more www.securiteam.com: Privilege Escalation Flaw in AClient Service for Windows. Read more www.securiteam.com: Danware NetOp Host Multiple Information Disclosure Issues. Read more www.securiteam.com: Privilege Escalation Vulnerabilities in W-Channel Embedded Linux. Read more www.securiteam.com: Netopia Timbuktu Remote Buffer Overflow. Read more unsecure.altervista.org: CoffeeCup FTP Clients Buffer Overflow Vulnerability. Read more unsecure.altervista.org: WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability. Read more   News: www.theregister.co.uk: Falk statement on Bofra attack. Read more www.theregister.co.uk: Bofra exploit tied to 'massive botnet'. Read more www.computerworld.com: Euro Web sites spread Bofra worm via banner ads. Read more www.timesonline.co.uk: Bank fraud phishers move to China as the fightback begins. Read more news.com.com: Microsoft to fix 'download warning' flaw. Read more news.com.com: Attackers strike using Web ads. Read more news.com.com: Browser promises to fend off phishers. Read more www.theregister.co.uk: Stunned pundit agrees with Gates over passwords. Read more www.microscope.co.uk: Hackers could target printers for network attacks, users are warned. Read more australianit.news.com.au: Porn site sues Google. Read more www.theregister.co.uk: Skulls Trojan keelhauls Symbian phones. Read more

22 November 2004 Vulnerabilities & Exploits www.lurhq.com IFRAME Vulnerability Being Exploited Through Banner Ads. Read more www.securitytracker.com: TC-IDE Embedded Linux Input Validation Holes Let Local Users Grab Root Privileges. Read more www.securitytracker.com: ibProArcade Input Validation Hole in 'category' Lets Remote Users Inject SQL Commands. Read more   News: www.theinquirer.net: Register gives readers worm. Read more www.theregister.co.uk: Bofra exploit hits our ad serving supplier. Read more news.zdnet.co.uk: Seductive virus has Sobering consequence. Read more star-techcentral.com: A Sober worm alert. Read more nwc.securitypipeline.com: Fast-Spreading Sober Worm Up In Europe, Heading To U.S. Read more www.pcworld.com: What You Should Know About Firewalls. Read more news.zdnet.co.uk: Mystery 'researchers' are revealing IE flaws. Read more seattlepi.nwsource.com: Gates has millions ... of spam messages every day. Read more

21 November 2004 Vulnerabilities & Exploits www.securitytracker.com: Gmail 'zx' Variable Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft IE Custom 404 Error Message and execCommand SaveAs Lets Remote Users Bypass XP SP2 Download Warning Mechanisms. Read more www.securitytracker.com: phpBB Input Validation Bug in username Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: eTrust EZ Antivirus Password Protection Can Be Bypassed By Local Users. Read more www.securitytracker.com: ClickandBuild Input Validation Flaw in 'listPos' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: phpMyAdmin Input Validation Holes in PmaAbsoluteUri, zero_rows, and Confirm Page Fields Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Citrix ICA Client Lets Local Users Monitor Keystrokes. Read more www.securitytracker.com: Opera Java Sandbox Flaws Let Malicious Applets Access System Information and Crash the Browser. Read more www.securitytracker.com: Danware NetOp Host Discloses System Information to Remote Users. Read more www.securitytracker.com: Mailtraq Windows Tray Icon Lets Local Users Gain System Privileges. Read more www.securitytracker.com: Altiris AClient Service Windows Tray Icon Lets Local Users Gain System Privileges. Read more www.securitytracker.com: Netopia Timbuktu Buffer Overflow Lets Remote Users Crash the Service. Read more www.securitytracker.com: Fastream NETFile Server HEAD Connection Errors Let Remote Users Consume All Available Connections. Read more   News: isc.sans.org: Bofra/IFrame Exploits on More Web Sites (updated); IFRAME vulnerability summary; Two more IE Exploits. Read more news.netcraft.com: IFRAME Exploit Spreading Through Banner Ads. Read more www.viruslist.com: Third party patches. Read more www.vnunet.com: End of NT 4 support good news for hackers. Read more news.bbc.co.uk: Lazarus-like virus hits computers. Read more www.eweek.com: Linux Phishing Attack Circulates on Net. Read more linuxmafia.com: Should I get anti-virus software for my Linux box? Read more

20 November 2004 Tools www.roseslabs.com: Web Audit Library (Wal) is a python module that provides a powerful and easy API for writing web applications assessment tools, similar to what Libwhisker does for Perl. Wal comes from the need of such a library for python. Writing web security tools using Wal is very straightforward. Wal provides the following features send/receive/analyze HTTP 0.9/1.0/1.1, HTML parser, cookie support, anti-IDS, decoders/encoders and much more... Needs python 2.3 or later. Read more miscname.com: Quick msn messenger sniffer in perl. Read more   Guides, Papers, etc www.securityfocus.com: Detecting Kernel-level Compromises With gdb. Read more lowkeysoft.com: Quicky Analysis of a Proxy/Zombie Network. Read more www.lurhq.com: Win32.Grams E-Gold Account Siphoner Analysis. Read more   Vulnerabilities & Exploits www.securityfocus.com: Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...Read more www.securitytracker.com: Netopia Timbuktu Buffer Overflow Lets Remote Users Crash the Service. Read more www.securitytracker.com: Fastream NETFile Server HEAD Connection Errors Let Remote Users Consume All Available Connections. Read more www.securitytracker.com: ZoneAlarm Pro and ZoneAlarm Security Suite Ad-Blocking Error Lets Remote Users Deny Service. Read more www.securitytracker.com: DMS POP3 Server Buffer Overflow in Processing Username Lets Remote Users Deny Service. Read more   News: www.theregister.co.uk: Sober worm speaks with forked tongue. Read more nwc.bizintelligencepipeline.com: New Sober Worm Spreads In Europe, Heads To U.S. Read more www.securityfocus.com: Judge dismisses keylogger case. Read more wireless.newsfactor.com: Skulls Trojan Infects Symbian Phones. Read more www.timesonline.co.uk: Banks battle phishing threats masterminded on �10 websites. Read more www.itfacts.biz: At any day roughly 1000 sites are phishing Web sites. Read more www.channelnewsasia.com/: Hackers use Stefanie Sun video as bait to spread computer virus. Read more www.internetnews.com: Spam Spikes This Holiday Season. Read more www.technewsworld.com: New eBay Fraud Case Highlights Growing Problem. Read more

19 November 2004 Guides, Papers, etc www.securityfocus.com: Detecting Kernel-level Compromises With gdb. Read more www.verisign.com Internet Security Intelligence Briefing November 2004 / Vol. 2, Issue II (pdf). Read more www.cercs.gatech.edu: High-Fidelity Modeling of Computer Network Worms (pdf). Read more www.pcworld.com: Poor Defenders. Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors. Read more   Vulnerabilities & Exploits secunia.com: Microsoft Internet Explorer Two Vulnerabilities. Read more www.securiteam.com: DUGallery Database Disclosure. Read more www.securiteam.com: Apache Multiple Space Header DoS (Multi-Threaded Exploit). Read more www.securiteam.com: SLMail PASS Buffer Overflow. Read more www.securiteam.com: CScope - Race Condition on Temporary File. Read more www.securitytracker.com: FreeBSD Integer Overflow in fetch() Lets Remote Servers Execute Arbitrary Code. Read more www.securitytracker.com: phpBB Cash Mod Include File Error Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Cscope Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux Kernel smbfs Filesystem Memory Errors Let Remote Users Crash the System. Read more   News: www.theregister.co.uk: IE in fresh security drama. Read more www.theregister.co.uk: Russian fined for virus-writing exploits. Read more www.pcwelt.de: Microsoft created files using a cracked version of the SoundForce program. Read more www.itweek.co.uk: Bugwatch: The dual firewall approach. Read more www.techweb.com: Under Phishing Attack, British Bank Shuts Down Some Services. Read more www.omakchronicle.com: Hotmail/MSN and AOL phishing spam sent out. Read more

18 November 2004 Guides, Papers, etc invisiblethings.org: Red Pill... Or How To Detect VMM Using (Almost) One CPU Instruction. Read more www.windowsecurity.com: Darwinism Meets the Virus and Worm. Read more www.petefinnigan.com: Oracle Default Password List. Read more   Vulnerabilities & Exploits www.debian.org: DSA-594-1 apache -- buffer overflows. Read more www.securitytracker.com: phpScheduleIt Flaw in 'Reservation.class.php' Lets Remote Users Modify or Delete Reservations. Read more www.securitytracker.com: Event Calendar Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securiteam.com: Java JNI/DNS Queries DoS. Read more www.securiteam.com: Insecure FTP Access in HP PSC 2510 Printers. Read more www.securiteam.com: Icewarp Web Mail Multiple Vulnerabilities. Read more www.securiteam.com: Multiple Vulnerabilities in Web Forums Server. Read more www.securiteam.com: Symantec LiveUpdate Decompression and Directory Names Vulnerabilities. Read more www.securiteam.com: Hotfoon Automatic Browser Launch. Read more www.securiteam.com: Norton Anti-Virus VB Scripting Vulnerability. Read more www.securiteam.com: Defeating Non Executable Stack Protection With TEB Buffer. Read more www.securiteam.com: Kerio Personal Firewall Multiple IP Options DoS PoC. Read more www.securiteam.com: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability (Exploit). Read more www.securiteam.com: Linux 2.x smbfs Multiple Remote Vulnerabilities. Read more www.securiteam.com: InetUtils TFTP Client DNS Resolving Buffer Overflows. Read more www.securiteam.com: Multiple up-imapproxy DoS Vulnerabilities. Read more www.securiteam.com: SquirrelMail Cross Site Scripting in Encoded Text. Read more www.sudo.ws: Bash scripts run via Sudo can be subverted. Read more security.e-matters.d: Linux 2.x smbfs multiple remote vulnerabilities. Read more   News: www.theregister.co.uk: Arafat worm exploits new MS vuln. Read more news.zdnet.com: More security hiccups for IE. Read more news.com.com: Microsoft says IE updates possible. Read more www.biosmagazine.co.uk: Aladdin Identifies Potential Mega Virus Related to JPEG Vulnerability. Read more news.zdnet.com: Caught in a phishing trap. Read more www.guardian.co.uk: Phishing phobia. Read more news.zdnet.com: Microsoft's answer to phishing: Two IDs. Read more

17 November 2004 Guides, Papers, etc www.developer.com: Term of the Week: Zombies and Phishing. Read more www.edup.tudelft.nl: "Writing IA32 Restricted Instruction Set Shellcode Decoder Loops" by SkyLined. Read more   Vulnerabilities & Exploits www.heise.de: Flaws in SP2 security features, part II. Read more www.debian.org: DSA-593-1 imagemagick -- buffer overflow. Read more www.securitytracker.com: miniBB Input Validation Hole in 'user' Parameter Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: fcron 'fcronsighup' Bugs Let Local Users View and Delete Files. Read more www.securitytracker.com: Hired Team: Trial Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securiteam.com: User Account Enumeration in Nortel Contivity VPN. Read more www.securiteam.com: Crafted Timed Attack Evades Cisco Security Agent Protections. Read more www.securiteam.com: Zone Labs IMsecure Active Link Filter Bypassing. Read more www.securiteam.com: Skype "callto:" URI Handler Buffer Overflow. Read more www.securiteam.com: Army Men RTS Format String. Read more www.securiteam.com: Multiple vulnerabilities in Hired Team: Trial. Read more www.securiteam.com: MiniShare Remote Buffer Overflow. Read more www.securiteam.com: phpBugTracker bug.php SQL Injection. Read more www.securiteam.com: Linux Kernel binfmt_elf ELF Loader Privilege Escalation. Read more www.securiteam.com: Fcron Multiple Vulnerabilities. Read more   News: Microsoft Security Bulletin MS04-039 re-release: Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258). Read more news.zdnet.com: Gates announces new Windows update tool. Read more news.zdnet.co.uk: Passwords are facing redundancy, says Gates. Read more www.theregister.co.uk: Security incidents and cybercrime on the up. Read more news.zdnet.co.uk: Securepoint's hacker hire costs partnership. Read more news.zdnet.com: Report: Crooks behind more Net attacks. Read more www.securitypronews.com: A Safer Way To Browse The Internet. Read more

16 November 2004 Guides, Papers, etc REVERSE CODE ENGINEERING: AN IN-DEPTH ANALYSIS OF THE BAGLE VIRUS (pdf). Read more www.bellua.com: Bellua Cyber Security Asia 2005. Call for Papers. Read more www.astalavista.com: Small paper describing how to add a quick backdoor into the setuid code for the Linux 2.4 kernel series. Download   Vulnerabilities & Exploits www.securitytracker.com: Microsoft Internet Explorer on XP SP2 Has Unspecified Flaws That Let Remote Users Bypass File Download Restrictions. Read more www.securitytracker.com: NuKed-KlaN Input Validation Hole in Image Source URL Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Army Men RTS Format String Error Lets Remote Users Crash the Game. Read more www.securitytracker.com: PowerPortal Input Validation Hole in 'index_page' Lets Remote Users Inject SQL Commands. Read more www.securiteam.com: Secure Network Messenger Denial of Service. Read more www.securiteam.com: NetNote Crafted String DoS. Read more www.securiteam.com: 04WebServer Multiple Vulnerabilities (CSS, Log File Injection, AUX DoS). Read more www.securiteam.com: Samba 3.x QFILEPATHINFO Unicode Filename Buffer Overflow. Read more www.securiteam.com: ez-ipupdate show_message() Format String. Read more www.securiteam.com: TWiki Search Function Arbitrary Command Execution. Read more www.securiteam.com: Secure Network Messenger DoS. Read more www.securiteam.com: IPSwitch IMail Stack Overflow in DELETE Command. Read more security.e-matters.de: Samba 3.x QFILEPATHINFO unicode filename buffer overflow. Read more   News: www.microscope.co.uk: New breed of virus beats AV gateways. Read more www.theregister.co.uk: Lexmark denies spyware allegations. Read more www.ebcvg.com: FireFox Cures the Web? Read more www.koaa.com: News First Investigates "phishing". Read more www.net4nowt.com: DomainKeys the answer to e-mail forgery and phishing? Read more

15 November 2004 Tools sourceforge.net: tcpreplay is a tool to replay captured network traffic. Read more   Guides, Papers, etc www.microsoft.com: The Antivirus. Defense-in-Depth Guide. Read more www.underground-book.com: Underground. Tales of hacking, madness and obsession on the electronic frontier. Read more   Vulnerabilities & Exploits www.cherryware.de: Unofficial IE FRAME/IFRAME fix. Read more www.securitytracker.com: Webroot Spy Sweeper Enterprise Discloses Administrative Password to Local Users. Read more www.securitytracker.com: NetNote Server Can Be Crashed By Remote Users. Read more   News: news.com.com: Yahoo takes on spam, boosts e-mail storage. Read more www.theinquirer.net: Website claims XP used pirated software. Read more www.computerworld.com: Security Review Uncovers Rampant Virus Infections. Read more www.computerworld.com: Security pros bemoan need for tactical focus. Read more story.news.yahoo.com: Sneakier Trojan Targets UK Banks. Read more

14 November 2004 Tools www.gpstm.com: GPS Trackmaker Allows to access maps on the Internet. Read more www.netstumbler.com: NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. Read more www.vanille.de: Wellenreiter is a wireless network discovery and auditing tool. Read more airsnort.shmoo.com: AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. Read more www.robota.net: AIRE is an 802.11 network discovery utility for Microsoft Windows XP. Read more sourceforge.net: Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Read more www.remote-exploit.org: Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients. Download www.kismetwireless.net: Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Read more users.skynet.be: Wdriver is a little tool that can help during the process of war drive, It can get you a DHCP Adress, it can browse the web directly, it gives you some information, it can do a ping, it can send a message like a �net send� in the early years of dos but without a sender notice so people can not see who has send it. Wdriver also allows to check connectivity and allows you to quickly change the hostname of your computer. Read more   Guides, Papers, etc www.computerworld.com: Five Steps To WLAN Security -- A Layered Approach. Read more users.skynet.be: WARDRIVING MANUAL. Read more Wireless LAN Security 802.11b and Corporate Networks. Read more www.wardriving.ch: WLAN War Driving. Read more www.blackthornsystems.com: WarDriving: Drive, Detect, Defend. Read more www.remote-exploit.org: Generic security problems with online games and applications. Read more   Vulnerabilities & Exploits www.securitytracker.com: Sudo Environment Variable Validation Error May Let Local Users Run Arbitrary Commands. Read more www.securitytracker.com: TWiki Input Validation Hole in Search Function Lets Remote Users Execute Shell Commands. Read more www.securitytracker.com: Thomson Speed Touch Pro ADSL Lets Remote Users Modify the DNS via DHCP. Read more www.securitytracker.com: Private Messaging System (PMS) Discloses Messages to Remote Users and Permits Cross-Site Scripting Attacks. Read more   News: www.computerworld.com: My summer of war driving. Read more www.eweek.com: XP SP2 Flaw Warning Sparks Debate on Disclosure. Read more www.theage.com.au: Researcher issues own patch for IE flaw. Read more cnews.canoe.ca: Hackers sharpening their byte: Expert. Read more baraboo.scwn.com: Scammers use Web to 'phish'. Read more www.microscope.co.uk: Shooting phish. Read more

13 November 2004 Tools www.cherryware.de: Unofficial IE FRAME/IFRAME fix. Read more home19.inet.tele.dk: wINJECT is a packet injector for Win9x dialup users (and Win2k + any connection). It lets you send customized packets with real or spoofed source ip. Read more   Guides, Papers, etc www.broadbandreports.com: Simple way to verify the current page in IE. Read more www.io.com: An extended explanation on why Internet Explorer is insecure. Read more   Vulnerabilities & Exploits www.sans.org: The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus. Read more aluigi.altervista.org: Secure Network Messenger crash. Read more www.securitytracker.com: Secure Network Messenger Can Be Crashed By Remote Users. Read more www.securitytracker.com: Aztek Forum Input Validation Holes Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: StarForce Professional May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: DUgallery Discloses Database to Remote Users. Read more www.securitytracker.com: phpWebSite Input Validation Flaws Let Remote Users Conduct HTTP Response Splitting Attacks. Read more www.securitytracker.com: vBulletin Input Validation Error in 'last.php' Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: Phorum Input Validation Hole in 'follow.php' Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: GD Library Buffer Overflows in gdMalloc() May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: unarj Buffer Overflow in Processing Long File Names May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Cisco Security Agent May Fail to Attack Specially Timed Buffer Overflow Attacks. Read more www.securitytracker.com: Okena StormWatch May Fail to Attack Specially Timed Buffer Overflow Attacks. Read more   News: news.zdnet.co.uk: FSA: Cybercriminals are infiltrating companies. Read more www.theregister.co.uk: Anti-virus outfit defends job for VXer. Read more www.theregister.co.uk: Say hello to the 'time bomb' exploit. Read more news.com.com: Dutch charge teenage hacker suspects. Read more www.theregister.co.uk: Trojan targets UK online bank accounts. Read more www.timesonline.co.uk: Victims of internet bank fraud will have to pay up. Read more news.com.com: Finjan: Warning users or scaring up business? Read more news.zdnet.co.uk: '10 new XP SP2 flaws' revealed. Read more www.computerworld.com: Microsoft probing reported flaws in Windows XP SP2. Read more news.zdnet.co.uk: Lexmark accused of installing spyware. Read more news.com.com: Is Microsoft using 'Halo 2' to thwart Xbox hackers? Read more

12 November 2004 Tools www.guerradigital.com.br: VTrace 0.1, tool for visual tracert, exhibiting the geographical location of each it plans that the package travels ties to arrive to the specified domain. Read more   Guides, Papers, etc www.pcworld.com: Biography of a Worm. Read more   Vulnerabilities & Exploits packetstormsecurity.nl: SlimFTPd <= 3.15, Remote Buffer Overflow Exploit v0.1. Read more www.debian.org: DSA-592-1 ez-ipupdate -- format string. Read more www.securitytracker.com: Zone Labs IMsecure Active Link Filtering Function Can Be Bypassed. Read more www.securitytracker.com: CCProxy Buffer Overflow in Logging Function Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Hotfoon Dialer Chat Feature Lets Remote Users Cause the Target User to Open Arbitrary URLs. Read more www.securitytracker.com: OpenSkat VTMF CheckGroup() Randomization Error May Let Remote Users Determine Private Keys. Read more www.securitytracker.com: ez-ipupdate Format String Error in show_message() May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: HP PSC 2510 Printer FTP Server Lets Remote Users Submit Print Jobs. Read more www.securitytracker.com: 04WebServer Input Validation Holes Let Remote Users Inject Log Entries and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: BNC Buffer Overflow in getnickuserhost() Function Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: SquirrelMail Input Validation Hole in 'mime.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: WebCalendar Grants Administrative Access and Permits Cross-Site Scripting and HTTP Response Splitting Attacks. Read more www.securitytracker.com: SlimFTPd FTP Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Cisco IOS Interfaces Can Be Blocked With Specially Crafted DHCP Packets. Read more www.securiteam.com: Multiple Buffer Overflow in SlimFTPd. Read more www.securiteam.com: Kerio Personal Firewall Multiple IP Options DoS. Read more www.securiteam.com: Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (MS04-039). Read more   News: www.securityfocus.com: Defendant: Microsoft source code sale was a setup. Read more www.networkcomputing.com: IE Becomes Hacker Favorite. Read more www.pcworld.com: New MyDoom Attacks May Signal 'Zero Day'. Read more news.com.com: Trojan horse spies on Web banking. Read more itvibe.com: UK bank accounts at risk from new Trojan. Read more www.theinquirer.net: HSBC phishing mail warns against phishing. Read more www.computerworld.com: My summer of war driving. Read more news.com.com: Microsoft says Firefox not a threat to IE. Read more www.theregister.co.uk: Gadzooks! My PC has the pox. Read more

11 November 2004 Tools winfingerprint.sourceforge.net: Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports. Read more   Vulnerabilities & Exploits www.securitytracker.com: Linux Kernel binfmt_elf Loader Lets Local Users Obtain Root Access. Read more   News: www.theregister.co.uk: Bofra worm sets trap for unwary. Read more www.ciol.com: Worm breaks speed record. Read more news.zdnet.co.uk: Microsoft complains about 'irresponsible' security revelation. Read more www.winnetmag.com: Ten New Security Holes in Windows XP SP2. Read more www.newsfactor.com: MyDoom Uses Money, Sex To Snare Users. Read more news.zdnet.com: FBI: Hidden threat inside cybercrime. Read more www.securityfocus.com: Banks prepare for ATM cyber crime. Read more www.theregister.co.uk: MS source code fence busted. Read more www.theregister.co.uk: MS search engine rumours abound. Read more www.pcworld.idg.com.au: Bored Computer Virus Offers to Play a Musical Tune, Sophos Reports. Read more www.infoworld.com: Antivirus subscription prices climb. Read more searchenterpriselinux.techtarget.com: Security basics: Beating hackers, pirates and thieves. Read more www.internetnews.com: A New Breed of Phish. Read more

10 November 2004 Tools neil.slampt.net: A kernel land rootkit for osx, roughly based on adore. Download   Vulnerabilities & Exploits www.securitytracker.com: Sun ONE Messaging Server Lets Remote Users Hijack Webmail Accounts. Read more www.securitytracker.com: NETGEAR DG834 Management Interface Can Be Blocked With Many Simultaneous Sessions. Read more www.securitytracker.com: Axis Network Camera DNS Loopback Error Lets Remote Users Deny Service. Read more www.securitytracker.com: Microsoft Internet Security and Acceleration Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites. Read more www.securitytracker.com: Microsoft Proxy Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites. Read more www.securitytracker.com: AudienceConnect RemoteEditor May Grant Access in Certain Cases. Read more www.securitytracker.com: AudienceConnect RemoteEditor Oversized Submission Has Unspecified Impact. Read more www.securitytracker.com: samhain sh_hash_compdata() Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: up-imapproxy Various Integer Overflows Let Remote Users Deny Service. Read more www.securitytracker.com: Nucleus Input Validation Flaws Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Infuseum Input Validation Flaws Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securiteam.com: qwik-smtpd Format String. Read more www.securiteam.com: MiniShare GET Buffer Overflow. Read more www.securiteam.com: CCProxy Log Stack Overflow. Read more www.securiteam.com: TRUSTe.org Cross Site Scripting and Phishing Opportunities. Read more www.securiteam.com: Samba 3.x.x Wildcard Characters DoS. Read more www.securiteam.com: Zip Long Path Buffer Overflow. Read more www.debian.org: DSA-591-1 libgd2 -- integer overflows. Read more www.debian.org: DSA-590-1 gnats -- format string vulnerability. Read more www.debian.org: DSA-589-1 libgd1 -- integer overflows. Read more   News: by Aphex Guilty Until Proven Innocent Well I just thought I would inform everyone about some legal problems I have been having recently. It all started about a month ago when a couple of agents from the U.S. Army CID showed up at my girlfriend�s workplace. They told her that a connection from her IP address gained unauthorized access to a military computer...... Read more PivX Labs have discovered several new worms spreading in the wild that are exploiting a 0day unpatched Internet Explorer vulnerability, a buffer overflow in the NAME attribute on FRAME, IFRAME and EMBED elements. This worm spreads through both web pages and HTML emails. The email vector is disguised as a Paypal spoof with the following as one of many body texts: "Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days. To see details please click this link." When the user clicks the link they visit a webpage served from an already infected machine which is serving HTML pages from port 1639. Users of Windows XP Service Pack 2 are not affected by these worms as this vulnerability has already been fixed before the service pack release. Users of prior Windows versions will become automatically infected with this Trojan worm when they visit the webpage. PivX Labs have captured samples of these worms in the wild. So far, there are 3 new Mydoom worm variants and 2 Bofra worm variants exploiting this vulnerability to forcefully install themselves, namely Mydoom.AG, Mydoom.AH, Mydoom.AI, Bofra.a and Bofra.b. (Thor Larholm) www.microsoft.com: Internet Security and Acceleration Server and Proxy Server Update for November 2004. Read more news.zdnet.co.uk: 'Swiss Army knife' virus appears in a weekend. Read more www.theinquirer.net: One click worms don't catch early birds. Read more www.pcworld.com: New Mydoom Worm Exploits IE Flaw. Read more www.chron.com: Worm breaks speed record from discovery to life. Read more www.theregister.co.uk: Trojan infects PCs to generate SMS spam. Read more www.theinquirer.net: Hacker flogged Microsoft source code. Read more news.zdnet.co.uk: Norton AV flaw may put PCs at risk of virus attack. Read more news.com.com: Microsoft getting nervous about Firefox? Read more www.computerworld.com: Military powers use the Internet to spy, Clarke says. Read more

09 November 2004 Tools news.zdnet.co.uk: Mozilla releases Firefox 1.0. Read more   Guides, Papers, etc SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment. July 7-8, 2005. Call for Papers. Read more www.windowsecurity.com: Do You Leave Sensitive Data Lying Around? Read more www.4law.co.il: The Virus Undergroud. Read more   Vulnerabilities & Exploits www.debian.org: DSA-588-1 gzip -- insecure temporary files. Read more www.debian.org: DSA-587-1 freeamp -- buffer overflow. Read more www.debian.org: DSA-586-1 ruby -- infinite loop. Read more www.securitytracker.com: Microsoft IE Discloses Whether Specified Files Exist to Remote Users. Read more www.securitytracker.com: Sun JRE Integer Wraparound Bug in InitialDirContext() Lets Remote Users Deny Service. Read more www.securitytracker.com: Samba Input Validation Error in ms_fnmatch() Lets Remote Authenticated Users Deny Service. Read more www.securitytracker.com: Pavuk Remote Buffer Overflows May Let Remote Authticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Nortel Contivity VPN Client Lets Remote Users Determine Valid User Account Names. Read more www.securitytracker.com: Ruby Infinite Loop Bug Lets Remote Users Deny Service. Read more www.securitytracker.com: PvPGN Buffer Overflow in Processing Game Report Packets Has Unspecified Impact. Read more www.securitytracker.com: eGroupWare JiNN Input Validation Error May Let Remote Users Traverse the Directory. Read more www.securitytracker.com: Technote 'main.cgi' Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: Kerio Personal Firewall Unspecified Packet Processing Bug May Let Remote Users Deny Service. Read more www.securitytracker.com: Sophos MailMonitor for SMTP Has Unspecified Malformed E-mail Flaw. Read more www.securitytracker.com: Moodle Glosary Module Input Validation Holes May Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: GFHost Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: ISC DHCP DNS Logging Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Gentoo Gentoolkit 'qpkg' Uses Unsafe Temporary File That Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Gentoo Portage 'dispatch-conf' Uses Unsafe Temporary File That Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: MiniShare Buffer Overlow in Processing Long URLs Lets Remote Users Execute Arbitrary Code. Read more   News: www.theregister.co.uk: Czech virus writer joins anti-virus firm. Read more Finding your weakest link www.fcw.com: The Interceptors find public- and private-sector wireless vulnerabilities. Read more www.securityfocus.com: Online fraud tutorials... from the Secret Service? Read more itvibe.com: Bofra worm spreads via Internet Explorer. Read more www.cellular-news.com: Virus sends SMS spam. Read more news.zdnet.co.uk: 'Project Endurance' tries to tackle online crime. Read more www.abc.net.au: Email scammer jailed for 5 years. Read more news.bostonherald.com: Man in a jam for `phishing' fraud on Net. Read more www.ljworld.com: E-mail scams snare unaware. Read more www.northfulton.com: Scams target Internet users. Read more

08 November 2004 Guides, Papers, etc zine.dal.net: Just What Is a Botnet? Read more www.nanog.org: Botnets (pdf). Read more www.technologyreview.com: When Bot Nets Attack. Read more www.prolexic.com: Distributed Denial of Service Attacks (pdf). Read more   Vulnerabilities & Exploits www.securiteam.com: SCO OpenServer MMDF Deliver Buffer Overflow. Read more www.securiteam.com: Ability Server FTP STOR Buffer Overflow (Unix Exploit). Read more www.securiteam.com: Solaris Real World Exploit Examples. Read more www.securiteam.com: XDICT Buffer Overrun Vulnerability. Read more www.securiteam.com: Lithtech Engine Format String Bug May Crash In-Game Server. Read more www.securiteam.com: Resources Consumption in 602LAN SUITE. Read more www.securitytracker.com: MiniShare Buffer Overlow in Processing Long URLs Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: 602LAN SUITE Lets Remote Users Deny Service With Large Content-Length Requests and Via Telnet Proxy Loopback Attacks. Read more   News: www.bizjournals.com: Small businesses tackle security risks as bad guys go 'phishing'. Read more portal.telegraph.co.uk: Software to target net criminals. Read more news.netcraft.com: Akamai Attack Highlights Threat From Bot Networks. Read more

07 November 2004 Guides, Papers, etc honeynet.org: This month's challenge: Analyse heavily armored binaries and to explain various Anti Reverse Engineering Techniques. Read more www.nextgenss.com: Passive Information Gathering The Analysis of Leaked Network Security Information. (pdf) Read more   Vulnerabilities & Exploits www.securitytracker.com: Merak Mail Server (with IceWarp Web Mail) Lets Remote Authenticated Users Move, Delete, and Rename Files. Read more www.securitytracker.com: LithTech Engine Format String Bug Lets Remote Users Crash the Game Server. Read more aluigi.altervista.org: 602 Lan Suite resources consumption through webmail. Read more aluigi.altervista.org: The Lithtech engine is affected by some format string. Read more bugs.   News: www.pcadvisor.co.uk: Dangerous new ways to try to steal your money are in progress Phishers adopt scam tricks from virus writers. Read more www.informationweek.com: Warnings On New Phishing Threat New, "more insidious" phishing scam is triggered when unsuspecting users open an E-mail. Read more www.finextra.com: Majority of financial Web sites contain security flaws. Read more www.pcworld.com: Poor Defenders Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors. Read more www.crime-research.org: Security breach at Cahoot bank. Read more

06 November 2004 Tools www.tinypeap.com: WPA Weak Key Cracker Posted. Read more   Guides, Papers, etc www.tinypeap.com: WPA Passive Dictionary Attack Overview (pdf). Read more www.tinypeap.com: TinyPEAP is a wireless security system designed to integrate the components of today�s best security solutions into one secure and easy to use system. (pdf) Read more www.windowsecurity.com: How Spyware And The Weapons Against It Are Evolving. Read more www.windowsecurity.com: Understanding E-mail Spoofing. Read more packetstormsecurity.nl: People Hacking: The Psychology of Social Engineering. Read more   Vulnerabilities & Exploits www.securitytracker.com: Symantec LiveUpdate Zip Decompression Routine May Let Users Deny Service. Read more www.debian.org: DSA-585-1 shadow -- programming error. Read more   News: news.zdnet.co.uk: IE flaw danger increases as exploit code released. Read more news.zdnet.co.uk: 30,000 botnets march across the Internet. Read more www.securityfocus.com: Alleged DDoS kingpin joins most wanted list. Read more news.zdnet.co.uk: Bin Laden video spreads a worm for 'The Hobbit'. Read more www.theregister.co.uk: Email worm poses as Osama videogram. Read more www.theregister.co.uk: Windows for Warships safe for Royal Navy, says MoD. Read more news.com.com: Bank accounts in online security scare. Read more software.silicon.com: Security flaw exposed in Cahoot bank accounts. Read more www.techweb.com: New Wave Hackers Chase Bucks, Not Bragging Rights. Read more news.zdnet.com: Virus writers elude Microsoft's bounty hunt. Read more www.eweek.com: New Phishing Attack Uses Old IE Exploit. Read more software.silicon.com: Covert phishing scam lies in wait for its victim. Read more www.techny.com: Identity thieves� Phishing attacks could soon get a lot nastier. Read more www.linuxpipeline.com: Linux experts slam a report naming the OS as a favorite hacker target, citing methodology flaws and "suspicious" conclusions. Read more news.zdnet.com: 16 candles for first Internet worm. Read more news.com.com: Ex-Austin student indicted for data theft. Read more www.crime-research.org: New kind of the Internet fraud represented by Russians. Read more www.theregister.co.uk: Counting the cost of security training. Read more

05 November 2004 Guides, Papers, etc www.securityfocus.com: SSH User Identities. Read more   Vulnerabilities & Exploits www.kb.cert.org: Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements. Read more www.zone-h.org: Enumeration vulnerability in Mozilla and Thunderbird. Read more www.securitytracker.com: Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service. Read more www.securitytracker.com: ScanMail Discloses Sensitive Files to Remote Users. Read more www.securitytracker.com: Google Local Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Zile Security Flaws Have Unspecified Impact. Read more www.securitytracker.com: Norton Anti-Virus Script Blocking Can Be Bypassed. Read more www.securitytracker.com: Zip Buffer Overflow in Recursive Directory Compression Lets Local Users Execute Arbitrary Code. Read more www.debian.org: DSA-584-1 dhcp -- format string vulnerability. Read more www.debian.org: DSA-583-1 lvm10 -- insecure temporary directory. Read more www.hexview.com: Symantec LiveUpdate issues may cause DoS. Read more   News: www.theregister.co.uk: Watch out there's an IE bug about. Read more www.infoworld.com: Microsoft checks out new IE security flaw reports. Read more news.zdnet.co.uk: Suspected hacking mastermind on 'most wanted' list. Read more www.computerworld.com: Big picture security. Read more www.computerworld.com: Avoiding downstream liability. Read more www.computerworld.com: Microsoft to help users prep for patching. Read more www.detnews.com: Former University of Texas student indicted for allegedly hacking into computers, stealing info. Read more www.theregister.co.uk: Phishers develop sophisticated lure. Read more www.vnunet.com: Latest phishing scam silent but violent. Read more www.guardian.co.uk: Internet bankers face new phishing scam. Read more news.zdnet.co.uk: The Internet worm comes of age. Read more www.pcworld.idg.com.au: Bin Laden Terrorist Video Email is Really a Virus, Warns Sophos. Read more www.crime-research.org: Haven for Hackers. Read more news.zdnet.co.uk: Security guru demands two-factor authentication. Read more www.theregister.co.uk: Sibling spammers convicted. Read more

04 November 2004 Guides, Papers, etc www.securityfocus.com: Phishing For Savvy Users. Read more   Vulnerabilities & Exploits securitytracker.com: (Exploit Code Has Been Released) Microsoft Internet Explorer Buffer Overflow in IFRAME Tag Processing Lets Remote Users Execute Arbitrary Code. Read more fri-adgang.dk: Exploit for \"Vulnerability in RPC Runtime Library\". Read more securitytracker.com: AudienceConnect SecureEditor May Grant Access in Certain Cases. Read more securitytracker.com: Astaro Security Linux Discloses System Information to Remote Users. Read more securitytracker.com: Gallery Input Validation Error in 'include' Variable Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: FsPHPGallery Input Validation Error May Let Remote Users Obtain Directory Listings. Read more securitytracker.com: Goollery Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Sun Java System Application Server Various Certificate and ASN.1 Bugs Let Remote Users Crash the Service. Read more securitytracker.com: Sun Java System Web Server Various Certificate and ASN.1 Bugs Let Remote Users Crash the Service. Read more securitytracker.com: F-Secure Anti-Virus for Microsoft Exchange Lets Remote Users Bypass Anti-Virus Detection With a ZIP Archive. Read more securitytracker.com: WinRAR May Crash When Repairing Malformed Archives. Read more securitytracker.com: ArGoSoft FTP Server Lets Remote Users Upload '.lnk' File. Read more securitytracker.com: Forum Web Server Still Discloses Files on the System, Including Clear Text Passwords, to Remote Users. Read more securitytracker.com: HELM Input Validation Holes Let Remote Authenticated Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Cisco Secure Access Control Server EAP-TLS Bug Lets Remote Users Be Authenticated Without Proper Credentials. Read more securitytracker.com: yChat HTTP Errors Let Remote Users Deny Service. Read more securitytracker.com: Cherokee Format String Flaw in cherokee_logger_ncsa_write_string() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: iptables May Fail to Automatically Load Some Modules. Read more www.securiteam.com: HELM Management and Control System SQL Injection and XSS Vulnerabilities. Read more www.securiteam.com: Chesapeake TFTP Server Directory Traversal and DoS Vulnerabilities. Read more www.securiteam.com: bogofilter/bogolexer Malformed Input DoS. Read more www.securiteam.com: qwik-smtpd Format String Vulnerability. Read more www.securiteam.com: Zgv Image Viewing Multiple Heap Overflows. Read more www.hexview.com: Zip/Linux long path buffer overflow. Read more   News: Phishing Alert: SunTrust Bank Phishing Mail does link to http://148.244.213.131:4907/st/index.htm news.netcraft.com: Phishers Manipulate SunTrust Site to Steal Data. Read more www.oreillynet.com: Russian Denies Authoring "SoBig" Worm. Read more www.hindustantimes.com: Net bank fraudsters design potent phishing tool. Read more news.zdnet.co.uk: Hackers: Show me the money. Read more www.theinquirer.net: Bulgarian 'hackers' arrested on terror charges. Read more www.theregister.co.uk: Chinese puzzle hampers banks' phishing fight. Read more story.news.yahoo.com: MessageLabs Sniffs Out New Phishing Technique. Read more www.spamfo.co.uk: Phishing without even clicking a link. Read more www.theinquirer.net: Hackers reopen stolen code store. Read more

03 November 2004 Guides, Papers, etc www.dimva.org: SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2005, Call for Papers. Read more www.technicalinfo.ne: URL Encoded Attacks. Read more   Vulnerabilities & Exploits www.edup.tudelft.nl: PoC exploit for the FRAME src&name property bufferoverflow. Download www.nextgenss.com: Medium risk vulnerability within the 'Repair Archive' feature in WinRAR. Read more www.debian.org: DSA-582-1 libxml -- buffer overflow. Read more www.debian.org: DSA-581-1 xpdf -- integer overflows. Read more www.windowsitpro.com: Arbitrary Code Execution in PuTTY for Windows. Read more www.securiteam.com: Internet Explorer FRAME SRC and NAME Property Buffer Overflow (PoC). Read more www.securiteam.com: PHP Array Heap Content Disclosure. Read more www.securiteam.com: Apache Multiple Space Header DoS. Read more   News: news.zdnet.co.uk: Microsoft denies spoofing is a security flaw. Read more www.theregister.co.uk: IE exploits top web security threat list. Read more news.zdnet.co.uk: Internet Explorer is the number one hack attack. Read more www.theregister.co.uk: Free training offer is latest spam scam. Read more www.theinquirer.net: Bagle Worm writer fails to score hit. Read more news.zdnet.co.uk: Smarter users have taken the bite out of Bagle. Read more news.zdnet.co.uk: Cisco source code for sale online. Read more www.varbusiness.com: How To Spot Bogus E-Mail. Read more www.theregister.co.uk: Phishing for dummies: hook, line and sinker. Read more news.zdnet.co.uk: Millions of Bagles knock out Windows firewall. Read more news.zdnet.co.uk: Firefox gains more ground on IE. Read more news.com.com: Old scams pose the 'greatest security risk'. Read more software.silicon.com: IM virus hoax threatens bandwidth drain. Read more

02 November 2004 Tools www.hardened-php.net: Hardened-PHP adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in hastily written PHP scripts and on the other hand against potential unknown vulnerabilities within the engine itself. Read more   Guides, Papers, etc www.nextgenss.com: Second-order Code Injection Attacks Advanced Code Injection Techniques and Testing Procedures (pdf). Read more www.securiteam.com: Bypassing Client Application Protection Techniques. Read more www.securereality.com.au: A Study In Scarlet. Exploiting Common Vulnerabilities in PHP Applications. Read more bugs.php.net: PHP Bugs. Read more   Vulnerabilities & Exploits secway.org: XDICT Buffer OverRun Vulnerability. Read more www.debian.org: DSA-580-1 iptables -- missing initialisation. Read more www.debian.org: DSA-579-1 abiword -- buffer overflow. Read more www.debian.org: DSA-578-1 mpg123 -- buffer overflow. Read more www.securiteam.com: Altiris Carbon Copy Remote Control Local SYSTEM Exploitation. Read more www.securiteam.com: Firewire/IEEE 1394 Considered Harmful to Physical Security. Read more www.securiteam.com: AOL Journals BlogID Incrementing Discloses Account Names and Email Addresses. Read more www.securiteam.com: socat Format string vulnerability. Read more www.securiteam.com: kpdf Integer Overflows. Read more www.securiteam.com: IPTables Log Integer Underflow (PoC). Read more www.securiteam.com: WvTftpd Option Name Value Pairs Remote Root Heap Overflow (PoC Included). Read more securitytracker.com: XDICT Word Translation Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: QwikMail Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Land Down Under Input Validation Holes in 'users.php' and Other Scripts Let Remote Users Inject SQL Commands. Read more securitytracker.com: Allied Telesyn AT-TFTP Server Lets Remote Users Download and Upload Arbitrary Files or Cause the TFTP Service to Crash. Read more securitytracker.com: Netcordia Chesapeake TFTP Server Lets Remote Users Download and Upload Arbitrary Files or Cause the TFTP Service to Crash. Read more securitytracker.com: Sun Java System Web Proxy Server Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more   News: www.theregister.co.uk: China shuts 1,600 cybercafes. Read more software.silicon.com: Bagle toasts Windows firewall. Read more comment.silicon.com: Devil's Advocate: Should we lock up virus writers? Read more www.theregister.co.uk: Undead worms dominate Halloween viral chart. Read more www.theregister.co.uk: Beware of Yahoo! spam scam. Read more news.zdnet.com: Old con tricks pose the 'greatest security risk'. Read more www.theregister.co.uk: Oxford Uni 'hackers' suspended. Read more www.crime-research.org: Illegal Internet Access � the Most Popular Internet Crime in Russia. Read more www.pcworld.idg.com.au: Security hole burns Java proxy server. Read more www.infoworld.com: Online identity theft: Many medicines, no cure. Read more software.silicon.com: Apple denies worm. Read more news.zdnet.com: Scammers teach Web students a tough lesson. Read more www.antiphishing.org: Phishing website: http://200.189.70.90/citi/ Citibank - 'Security Alert on Microsoft Internet Explorer'. Read more

01 November 2004 Tools www.corestreet.com: SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as �phishing". Read more   Guides, Papers, etc www.microsoft.com: How A Criminal Might Infiltrate Your Network. Read more   Vulnerabilities & Exploits www.securiteam.com: MailCarrier SMTP EHLO/HELO Buffer Overflow (PoC). Read more www.securiteam.com: Libxml2 Remote Buffer Overflows. Read more www.securiteam.com: GD Graphics Library Integer Overflow Leading to a Heap Overflow. Read more cvs.sourceforge.net: vulnerability in bogofilter/bogolexer. Read more www.openpkg.org: libxml arbitrary code execution. Read more securitytracker.com: HTML::Merge Input Validation Hole in 'printsource.pl' Lets Remote Users Execute Commands. Read more   News: www.pcworld.idg.com.au: Bagle virus takes aim at Microsoft. Read more www.theinquirer.net: China confirms more Internet cafe closures. Read more www.pcworld.idg.com.au: Secret Service busts online organized crime ring. Read more www.bizjournals.com: Hacked off, fighting back. Read more www.durangoherald.com: Internet users may not be safe on Web. Read more www.southbendtribune.com: Don't get hooked into a phishing trip. Read more www.theinquirer.net: Bagle back from the dead. Read more www.timesstar.com: Pictures could be entrance for hackers. Read more

Copyright� MegaSecurity.org