Home    News Archive    Translate Traducen

News February 2008

27 February 2008 Guides, Papers, etc www.securityfocus.com The Laws of Full Disclosure. Read more www.securityfocus.com A Guide to Different Kinds of Honeypots. Read more trendmicro.mediaroom.com Executive Summary Software and Infrastructure Vulnerabilities. Read more www.avertlabs.com Windows Mobile trojan sends unauthorized information and leaves device vulnerable. Read more research.google.com Google Technical Report provos-2008a. All Your iFRAMEs Point to Us. Read more www.websense.com Google�s CAPTCHA busted in recent spammer tactics. Read more arstechnica.com Gotcha, CAPTCHA! Gmail bot detector system cracked. Read more sunbeltblog.blogspot.com More on FamilyGuyx turning down Zango... Read more sunbeltblog.blogspot.com Publisher says no to Zango. Read more ddanchev.blogspot.com RBN's Malware Puppets Need Their Master. Read more ddanchev.blogspot.com Inside a Botnet's Phishing Activities. Read more ddanchev.blogspot.com The Continuing .Gov Blackhat SEO Campaign - Part Two. Read more technology.newscientist.com Wireless worms will follow influenza's example. Read more www.channelregister.co.uk That Wi-Fi network you thought was secure? it ain't. Read more www.avertlabs.com Can I own your wireless network? Read more www.securityfocus.com Virus Tricks of the Old School. Read more www.eweek.com Pakistan Drops the BGP Bomb. Read more www.eweek.com Five-Year Security Review. Read more blog.spywareguide.com Don't Take This Program For A Spin. Read more blogs.msdn.com The First Step on the Road to More Secure Software is admitting you have a Problem. Read more isc.sans.org 'Cold boot' - Guidance for users. Read more isc.sans.org Another trojan embedded in a MS-Word DOC. Read more www.thespanner.co.uk Polymorphic javascript. Read more   Vulnerabilities & Exploits   Tools: code.google.com Creddump - Extracts Credentials from Windows Registry Hives. Read more w3af.sourceforge.net w3af - Web Application Attack and Audit Framework. Read more blog.wired.com SIM Card Spy Recovers Deleted Messages. Read more   News www.securityfocus.com Microsoft: Disk crypto not defeated. Read more www.securityfocus.com VMWare flaw allows guests to break out. Read more www.theregister.co.uk VMware vuln exposes the perils of virtualization. Read more news.zdnet.co.uk VMware security bug exposed on eve of VMworld. Read more www.circleid.com Pakistan Hijacks YouTube: A Closer Look. Read more news.bbc.co.uk Details emerge on YouTube block. Read more www.computerworld.com Finjan uncovers database storing more than 8,700 stolen FTP credentials. Read more www.securityfocus.com Court case reveals workers regularly snoop. Read more www.theregister.co.uk Spammers crack Gmail Captcha. Read more www.theregister.co.uk ISP data deal with former 'spyware' boss triggers privacy fears. Read more www.theregister.co.uk Scotland Yard careers website defaced. Read more blog.trendmicro.com Botnet Gang in Quebec Set to Appear in Court Today. Read more www.stuff.co.nz Aussie police nab $1.15m Web scammer. Read more today.reuters.co.uk EU fines Microsoft record 899 million euros. Read more

25 February 2008 Guides, Papers, etc isc.sans.org Critical VMware security alert for Windows-hosted VMware client versions. Read more cansecwest.com CanSecWest Vancouver 2008. Read more www.infoworld.com Adobe melds desktop, Web apps with AIR. Read more blog.spywareguide.com HTBomber: A Botnet With Infinite Ringmasters. Read more blog.trendmicro.com Plone Sex, Anyone? Read more blogs.technet.com Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer. Read more www.darkreading.com 'Gecko' Penetrates Building Access Systems. Read more www.darkreading.com At Del Monte, New Apps Open a Can of Worms for Remote Access. Read more www.darkreading.com Revisiting Black Hat. Read more www.esecurityplanet.com Black Hat: Dtrace a Rootkit? Read more www.trusteer.com OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability. Read more blogs.msdn.com Disk encryption: Balancing security, usability and risk assessment. Read more www.gamecritics.com Study: Players feel relief when killed in violent games. Read more www.infoworld.com Computer security's dubious future. Read more securityincite.com 2008 DOI: Day 5 - Night of the Internet Dead. Read more www.builderau.com.au Video. Schneier: Bad news is good news, not so for security. Read more   Vulnerabilities & Exploits kb.vmware.com Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE. Read more securitytracker.com VMware Shared Folder Bug Lets Local Users on the Guest OS Gain Elevated Privileges on the Host OS. Read more securitytracker.com Opera BMP Handling Bug Lets Remote Users Access Portions of Kernel Memory. Read more securitytracker.com Mozilla Firefox BMP Handling Bug Lets Remote Users Access Portions of Kernel Memory. Read more   Tools: www.honeynet.org.pt - HoneyMole 2.0.2 released. Read more sqlninja.sourceforge.net SQLninja - SQL Injection Toolkit. Read more sqid.rubyforge.org SQID - SQL Injection Digger. Read more   News www.computerworld.com Critical VMware bug lets attackers zap 'real' Windows. Read more www.techworld.com Microsoft to clamp down on Vista cracks. Read more www.sfgate.com Enzyte Maker Found Guilty of Fraud. Read more www.theregister.co.uk Linkin Park cyber-stalker sent to jail. Read more www.theage.com.au Cult of the Dead Cow offers tool to help hackers. Read more www.vnunet.com Microsoft posts Vista SP1 blacklist. Read more www.computerworld.com Constant patch releases force IT to adopt new processes. Read more www.smh.com.au Police unveil $1 million internet scam. Read more www.normantranscript.com Judge says TV station hired hackers to steal her e-mail. Read more www.vnunet.com Major Canadian hacker ring cracked. Read more

22 February 2008 Guides, Papers, etc isc.sans.org In memory of hard disk encryption? Read more isc.sans.org A little web mystery. Read more ddanchev.blogspot.com Malware Infected Hosts as Stepping Stones. Read more ddanchev.blogspot.com Localizing Cybercrime - Cultural Diversity on Demand. Read more ddanchev.blogspot.com Malicious Advertising (Malvertising) Increasing. Read more ddanchev.blogspot.com Uncovering a MSN Social Engineering Scam. Read more ddanchev.blogspot.com The FirePack Web Malware Exploitation Kit. Read more msmvps.com Malicious advertisement on MySpace.com. Read more www.f-secure.com Canada eh? Read more www.f-secure.com More Finnish Spam. Read more www.symantec.com You�re Under Investigation! Read more sunbeltblog.blogspot.com The hoax that just won't die. Read more sunbeltblog.blogspot.com Nautica Apparel website hacked. Read more blog.trendmicro.com Dark Shadows Lurk After Lunar Eclipse. Read more blog.trendmicro.com A Growing SoPHISHtication. Read more blog.trendmicro.com Bank Of America Phishing source from Korea. Read more www.darkreading.com 'Live' VMs at Risk While in Transit. Read more www.darkreading.com Feds Wrestle With Security Threats. Read more www.darkreading.com There She Is, Miss Identify. Read more www.darkreading.com The Social Engineer's Toolbox. Read more www.darkreading.com Best Practices & Practicalities. Read more citp.princeton.edu.nyud.net Lest We Remember: Cold Boot Attacks on Encryption Keys. Read more www2.csoonline.com Famous for Fifteen Minutes: A History of Hacking Culture. Read more www-static.cc.gatech.edu BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Read more www.podtrac.com Audio. Security Now 132: Listener Feedback 35. Listen   Vulnerabilities & Exploits www.darkreading.com Mu Discovers Vulnerabilities in MPlayer. Read more www.securiteam.co Windows Message Queuing Service RPC (MS07-065, Exploit). Read more   Tools: missidentify.sourceforge.net Miss Identify is a program to find Win32 applications. In its default mode it displays the filename of any executable that does not have an executable extension. Read more   News www.nytimes.com Bill Gates: Internet Censorship Won�t Work. Read more www.vnunet.com DRAM crack breaks encryption software. Read more www.cbc.ca International hacking network busted, Quebec police say. Read more www.securityfocus.com E-mail typosquatting poses leakage threat. Read more www.securityfocus.com IRS taxed by phishing attacks. Read more www.nationalpost.com Quebec police bust alleged hacker ring. Read more www.theregister.co.uk Microsoft opens APIs and protocols to all. Read more www.casinocitytimes.com Online gaming sites attacked by botnets. Read more www.theregister.co.uk Malware writers think global, act local. Read more www.smh.com.au Rogue DNS servers a growing threat. Read more www.smh.com.au Porn studio wants Google, Yahoo to help protect kids. Read more www.sophos.com Voice phishers cash in on genuine warning with cloned switchboard. Read more news.softpedia.com Hackers Now Hiring Hackers. Read more www.forbes.com Wiretapping Made Easy. Read more

20 February 2008 Guides, Papers, etc commons.globalintegrity.org Internet Censorship: A Comparative Study. Read more www.computerworld.com Row highlights Internet censorship in Finland. Read more www.upi.com Analysis: Terrorist use of the Internet. Read more sunbeltblog.blogspot.com Incredible -- C-NetMedia still continues its grossly deceptive practices. Read more rbnexploit.blogspot.com Extortion and Denial of Service (DDOS) Attacks. Read more www.securityfocus.com Worries over "good worms" rise again. Read more www.computerworld.com Russian hosting network running a protection racket, researcher says. Read more sunbeltblog.blogspot.com New tool for analyzing potentially malicious swf files. Read more pentaphase.de SWF in a nutshell and the malware tragedy. Read more www.f-secure.com Mikkeli Spam Links to ZBot Malware. Read more www.f-secure.com Paid for Receiving Bank Transfers. Read more www.f-secure.com Campus Party. Read more isc.sans.org Update mechanisms in utility software. Read more isc.sans.org MS Vista - Windows Update Issue. Read more ddanchev.blogspot.com The Continuing .Gov Blackat SEO Campaign. Read more ddanchev.blogspot.com Serving Malware Through Advertising Networks. Read more anti-virus-rants.blogspot.com when all you have is a hammer, everything looks like a nail. Read more blogs.securiteam.com IPv6 and location based tracking. Read more www.darkreading.com Free Web Filtering Service Taps User Input. Read more www.informationweek.com Malware: One Victim's Story. Read more www.upi.com 'Internet predator' stereotypes debunked. Read moe blog.spywareguide.com World of Warcraft Players: Beware Fake Beta Test Invites! Read more www.makeuseof.com Are you Sure your Email isn�t being Hacked?. Read more dvlabs.tippingpoint.com PHP File Include Attacks (Part 1 of 4). Read more dvlabs.tippingpoint.com PHP File Include Attacks (Part 2 of 4). Read more dvlabs.tippingpoint.com PHP File Include Attacks (Part 3 of 4). Read more   Tools: news.bbc.co.uk Brain control headset for gamers. Read more   News www.theregister.co.uk Hacker holds onto ill-gotten gains thanks to US courts. Read more www.usatoday.com China censures Baidu.com. Read more www.darkreading.com Harvard Site Hacked, Posted to BitTorrent. Read more www.theregister.co.uk Japan brings down Godzilla of spam. Read more www.theregister.co.uk Spain cuffs Wi-Fi leeching lottery scammers. Read more www.vnunet.com Hackers step up website attacks. Read more news.bbc.co.uk 'Hacker' launches iTunes copying. Read more realitybasedcommunity.net Scientology abuses eBay's VeRO program to practice religious, price discrimination. Read more www.chron.com Anti-American rant takes over Dallas police Web site. Read more www.theregister.co.uk Redmond puts key Vista update on ice. Read more

18 February 2008 Guides, Papers, etc www.stopbadware.org StopBadware Report - RealPlayer (v10.5, v11). Read more isc.sans.org IT Security in the SMB - Follow-up. Read more www.avertlabs.com When Is Stealing Not Theft? Read more ddanchev.blogspot.com Geolocating Malicious ISPs. Read more ddanchev.blogspot.com Massive Blackhat SEO Targeting Blogspot. Read more ddanchev.blogspot.com Malware Embedded Link at Pod-Planet. Read more www.darkreading.com Botnet Hunters Reveal New Spin on Old Tricks. Read more www.darkreading.com Tech Insight: Analyze This Malware. Read more www.darkreading.com Disclosure Prevention. Read more www.zdnet.com.au Buying security products is often a waste of money. Read more www.f-secure.com Campus Party. Read more www.technewsworld.com Inside Firefox 3's Latest Beta Update, Part 1. Read more www.pcworld.com 'Undercover' Security Tool Could Replace Passwords. Read more www.korelogic.com Burying Your Head in the SandNet. Sandnets in the Forensic Process. Read more   Vulnerabilities & Exploits www.securiteam.com Firefox and Opera Memory Information Leak. Read more   News www.infoworld.com Bug-finder gets no credit from Microsoft. Read more www.theinquirer.ne Microsoft tries to blot hacker out of history books. Read more blogs.zdnet.com Exploit code surfaces for Microsoft Works, QuickTime. Read more computerworld.co.nz Hackers spread malware with 'Hilary Clinton' spam. Read more www.smh.com.au Microsoft wants to worm its way into your PC. Read more news.bbc.co.uk Machines 'to match man by 2029'. Read more

15 February 2008 Guides, Papers, etc www.benedelman.org Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices. Read more www.theregister.co.uk Web browsers on the front line of exploitation. Read more technology.newscientist.com Friendly 'worms' could spread software fixes. Read more www.securityfocus.com Tweaking Social Security to Combat Fraud. Read more www.f-secure.com Video - Rogue Spotting. Read more www.f-secure.com Up, Up and Away. Read more isc.sans.org Tools for updating third-party software. Read more sunbeltblog.blogspot.com Dangerous new fake American Greetings spam. Read more sunbeltblog.blogspot.com Topical emails continue with rootkit-pushing trojan. Read more sunbeltblog.blogspot.com One more attack on the privacy and freedoms of Americans. Read more sunbeltblog.blogspot.com Sick malware for sick minds. Read more www.sophos.com Zango the Time-shifters. Read more ddanchev.blogspot.com Statistics from a Malware Embedded Attack. Read more ddanchev.blogspot.com Statistics from a Malware Embedded Attack. Read more ddanchev.blogspot.com Visualizing a SEO Links Farm. Read more ddanchev.blogspot.com The New Media Malware Gang - Part Three. Read more ddanchev.blogspot.com Anti-Malware Vendor's Site Serving Malware. Read more ddanchev.blogspot.com BlackEnergy DDoS Bot Web Based C&Cs. Read more www.darkreading.com DHS Project Creates New Malware Capture Technique. Read more www.darkreading.com Report: Zero-Days Are Now Attackers' Second Choice. Read more www.darkreading.com Ten Myths About Identity Fraud. Read more www.darkreading.com Protecting Yourself From the Border Patrol. Read more www.darkreading.com Weapons of Mass Redirection. Read more www.darkreading.com The Truth Behind Code Analysis. Read more www.popsci.com The Anonymity Experiment. Read more www.out-law.com Bank scammers scammed, says security researcher. Read more www.eweek.com The Futility of IPv4 Address Recycling. Read more blogs.securiteam.com Q: Restricted user rights and vulnerabilities. Read more www.theregister.co.uk MayDay! MayDay! Ruskies reinvent cyber crime. Read more www.itrportal.com Tier-3 says new trend in banner ad infection Trojans can be beaten. Read more www.cnet.com Enable Vista's hidden administrator, and password-protect its XP equivalent. Read more www.podtrac.com Audio. Security Now 131: Free CompuSec. Listen   Vulnerabilities & Exploits securitytracker.com Microsoft Internet Explorer Buffer Overflow in Fox Pro ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Internet Explorer Argument Validation Flaw in 'dxtmsft.dll' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Internet Explorer Property Method Processing Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Internet Explorer HTML Layout Rendering Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Internet Information Services Error in Processing ASP Page Input Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Works/Microsoft Office Bug in Processing '.wps' Field Length Values Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Works/Microsoft Office Bug in Processing '.wps' Header Index Table Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Works/Microsoft Office Bug in Processing '.wps' File Section Length Headers Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Office Publisher Memory Corruption Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Office Publisher Invalid Memory Reference Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Office Object Processing Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Word Memory Error Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Windows Heap Overflow in Object Linking and Embedding (OLE) Automation Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Windows WebDAV Mini-Redirector Response Handling Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com F-Secure Anti-Virus May Fail to Scan Certain CAB and RAR Archives. Read more securitytracker.com F-Secure Internet Gatekeeper May Fail to Scan Certain CAB and RAR Archives. Read more securitytracker.com F-Secure Internet Security May Fail to Scan Certain CAB and RAR Archives. Read more securitytracker.com Clam AntiVirus Integer Overflow in Processing PE Files Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Cisco Unified IP Phone Buffer Overflow in Telnet Server Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Cisco Unified IP Phone Buffer Overflow in Parsing MIME Encoded SIP Messages Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Cisco Unified IP Phone Buffer Overflow in Parsing DNS Responses Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Java Web Start Bugs Let Remote Users Rename/Copy Files on the Target User's System. Read more securitytracker.com FreeBSD sendfile() Discloses Write-only File Contents to Local Users. Read more   News www.securityfocus.com Microsoft patches severe IE browser flaws. Read more www.securityfocus.com Fraudsters look for a little love. Read more www.computerweekly.com Storm Worm is basis for most cyber attacks, says IBM. Read more www.theregister.co.uk Eugene Kaspersky and the KGB man that never was. Read more arstechnica.com More rogue DNS servers serving up poisonous content. Read more www.theregister.co.uk Major Linux security glitch lets hackers in at Claranet. Read more www.theregister.co.uk Students win appeal against cyberjihad convictions. Read more www.yorkregion.com Computer encryption slowing child porn probe. Read more www.vnunet.com Storm clouds Valentine's Day inboxes. Read more www.vnunet.com Users tricked by promise of celebrity porn. Read more

12 February 2008 Guides, Papers, etc www.eweek.com The Anti-Malware Industry Tries to Save Itself. Read more www.darkreading.com DNS Inventor Warns of Next Big Threat. Read more www.daniweb.com/ RealPlayer users held to ransom. Read more sunbeltblog.blogspot.com Legitimate security companies advertised through malware. Read more sunbeltblog.blogspot.com Spam pushing Vista SP1 Crackz. Read more www.infoworld.com Computer security: Why have least privilege? Read more blogs.securiteam.com Password: Impossible. Read more www.pcw.co.uk OFT highlights scammers tricks. Read more community.zdnet.co.uk Botnet more dangerous than Storm? Read more www.f-secure.com Storm Has Sent Their Cupids. Read more www.f-secure.com ITsecurityEvents.com. Read more www.avertlabs.com Another Adobe PDF Exploit in the Wild. Read more isc.sans.org Apple security update 2008-001 and 10.5.2 upgrade. Read more isc.sans.org Linux Kernel Vulnerability ... 2.6.24.1 and prior. Read more isc.sans.org ActiveX FAQ. Read more isc.sans.org MSN Messenger Trojan. Read more isc.sans.org Adobe Reader exploit in the wild. Read more ddanchev.blogspot.com GCHQing with the Honeynet Project. Read more www.darkreading.com Keyloggers Aren't Viruses... Are They? Read more www.0x000000.com Browsing The Browser. Read more www.oooninja.com Is Microsoft Office Adware? Read more www.darkreading.com The Coolest Hacks of 2007 - Part II. Read more www.darkreading.com Antivirus Inventor: Security Departments Are Wasting Their Time. Read more security.itworld.com Encryption could make you more vulnerable, warn experts. Read more www.nytimes.com How Sticky Is Membership on Facebook? Just Try Breaking Free. Read more   Vulnerabilities & Exploits www.0x000000.com Firefox Vulnerable By Default. Read more   Tools: isc.sans.org Update - Tools for the Home User. Read more   News www.theregister.co.uk Firefox updates, blitzes trio of critical bugs. Read more www.theaustralian.news.com.au Anti-Scientology protests staged. Read more abcnews.go.com Church Calls Protesters 'Cyber Terrorists'. Read more www.efluxmedia.com Protesters Warn: Scientology - A �Money-Making Scheme�. Read more www.pcw.co.uk Storm worm 'making millions a day'. Read more news.smh.com.au Spanish police detain 76 in major Internet fraud probe. Read more news.ninemsn.com.au Enforcing the law against online fraud. Read more www.theregister.co.uk UK teen is world's youngest certified ethical hacker (maybe). Read more www.sfgate.com/ Hans Reiser Trial. Read more techdirt.com Danish Block Of The Pirate Bay Leads To Even More Traffic. Read more www.networkworld.com Powerful new antiphishing weapon DKIM emerges. Read more www.earthtimes.org Internet contacts increase paedophilia, Spanish experts say - Feature. Read more

09 February 2008 Guides, Papers, etc www.guardian.co.uk Behind the Great Firewall. Read more www.microsoft.com Microsoft Security Bulletin Advance Notification for February 2008. Read more www.f-secure.com ITsecurityEvents.com. Read more isc.sans.org Adobe Reader exploit in the wild. Read more isc.sans.org Multiple vulnerabilities in commonly used client software. Read more isc.sans.org Firefox 2.0.0.12 is out. Read more www.symantec.com The Flow of MBR Rootkit Trojan Resumes. Read more www.darkreading.com The Coolest Hacks of 2007 - Part II. Read more www.darkreading.com Antivirus Inventor: Security Departments Are Wasting Their Time. Read more www.darkreading.com Rethinking Security. Read more www.informationweek.com ComScore Says 'Researchware' Isn't 'Spyware'. Read more news.bbc.co.uk Staying safe without anti-virus. Read more community.zdnet.co.uk Botnet more dangerous than Storm? Read more www.cnet.com Is Linus Torvalds even speaking for Linux anymore? Read more www.techworld.com Encryption could make you more vulnerable, warn experts. Read more www.andrew.cmu.edu Undercover: Authentication Usable in Front of Prying Eyes. Read more www.esecurityplanet.com Two-Factor Authentication, Get Used to It. Read more www.realtime-itcompliance.com Two Types Of Young Hackers. Read more howto.wired.com Run a Traceroute. Read more blogs.technet.com The Kill-Bit FAQ: Part 1 of 3. Read more blogs.technet.com The Kill-Bit FAQ: Part 2 of 3. Read more blogs.technet.com The Kill-Bit FAQ: Part 3 of 3. Read more aolradio.podcast.aol.com Audio. Security Now 130: Listener Feedback 34. Listen   Vulnerabilities & Exploits securitytracker.com Symantec Ghost Solution Suite Authentication Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Adobe Reader Stack Overflow and Other Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Mozilla Firefox Lets Remote Users Obscure Web Forgery Dialog Warnings. Read more securitytracker.com Mozilla Firefox Stylesheet Processing Bug May Let Remote Users Obtain URL Parameters. Read more securitytracker.com Mozilla Firefox Lets Remote Users Prevent the Browser From Opening Local Plain Text Files in Certain Cases. Read more securitytracker.com Mozilla Firefox Lets Remote Users Tamper with Security Dialogs. Read more securitytracker.com Mozilla Firefox Lets Remote Web Sites Corrupt the Password Store in Certain Cases. Read more securitytracker.com Mozilla Firefox Lets Remote Users Steal the Focus to Obtain Keystrokes. Read more securitytracker.com Mozilla Firefox chrome: URI Directory Traversal Bug Lets Remote Users Load Local Files. Read more securitytracker.com Mozilla Firefox designMode Frames May Let Remote Users Obtain Information and Potentially Execute Arbitrary Code. Read more securitytracker.com Mozilla Firefox JavaScript Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code. Read more securitytracker.com HP Select Identity Lets Remote Authenticated Users Gain Access. Read more securitytracker.com Mozilla Firefox Bugs in JavaScript Engine Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Mozilla Firefox Bugs in Browser Engine Let Remote Users Execute Arbitrary Code. Read more securitytracker.com IBM DB2 Alternate Path Bug Lets Local Users Gain Root Privileges. Read more securitytracker.com IBM DB2 Universal Database Administration Server Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Check Point VPN-1 SecuRemote/SecureClient Auto Local Logon Feature Lets Local Users Authenticate as Other Users. Read more securitytracker.com WordPress XML-RPC Bug Lets Remote Users Edit Arbitrary Posts. Read more securitytracker.com IBM WebSphere Edge Server Input Validation Hole in CGI Mapping Error Page Permits Cross-Site Scripting Attacks. Read more securitytracker.com KAME IPv6 Stack Can Be Crashed By Remote Users Sending an IPv6 Packet Containing an IPComp Header. Read more securitytracker.com Symantec Altiris Notification Server Lets Local Users Gain Elevated Privileges. Read more securitytracker.com HP Storage Essentials Storage Resource Management Software Grants Remote Users Access to Managed Devices. Read more securitytracker.com HP Virtual Rooms Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Tcl/Tk Buffer Overflow in Processing GIF Files Lets Users Execute Arbitrary Code. Read more securitytracker.com Java Runtime Environment Lets Remote Applets and Applications Gain Elevated Privileges. Read more   Tools: sunbeltblog.blogspot.com Nifty new tool from ESET. Read more www.avertlabs.com FAR Manager goes open source. Read more   News www.theregister.co.uk FBI sought approval to use spyware against terror suspects. Read more www.securityfocus.com Mozilla plugs critical flaws with Firefox patch. Read more www.securityfocus.com Apple, Adobe patch application flaws. Read more www.theregister.co.uk Hackers seed malware on Indian anti-virus site. Read more news.bbc.co.uk Malicious programs hit new high. Read more www.snpx.com Complex attack targets Better Business Bureau. Read more www.vnunet.com Microsoft preps seven 'critical' fixes. Read more www.theregister.co.uk Automated crack for Windows Live captcha goes wild. Read more news.cnet.co.uk Hackers to test OS vulnerability. Read more www.zdnet.co.uk Windows without IE? What about Windows "N"? Read more techdirt.com Chinese Professor Suing Google And Yahoo For Making Him Disappear From Chinese Search. Read more www.computerworld.com Updated encryption tool for al-Qaeda backers improves on first version, researcher says. Read more www.auscert.org.au Targeted phishing attacks directed towards Australian universities. Read more

06 February 2008 Guides, Papers, etc blogs.technet.com Inside Vista SP1 File Copy Improvements. Read more www.f-secure.com Spotted in the wild: Rogue Microsoft Update site. Read more www.f-secure.com Viagra Shop Busted in Sweden. Read more sunbeltblog.blogspot.com Malicious banner ads on the web. Read more sunbeltblog.blogspot.com Zango defends Snopes. Read more sunbeltblog.blogspot.com The Antispyware Coalition Public Workshop. Read more www.avertlabs.com Yet another Yahoo zero-day attack hits the Web. Read more msmvps.com Internet Explorer is NOT to blame for the Flash advertisement problem !! Read more msmvps.com Malicious advertisement identified - friendsreunited, genesreunited. Read more www.darkreading.com New Authentication Scheme Combats Keyloggers, Shoulder-Hacking. Read more anti-virus-rants.blogspot.com samples, variants, and signatures - oh my. Read more anti-virus-rants.blogspot.com what is packed malware? Read more www.theregister.co.uk Turning a Nokia phone into a hotspot. Read more isc.sans.org When security improvements backfire. Read more isc.sans.org Correction - Yahoo! Data Grid CLSID. Read more isc.sans.org GUI Killbit App Available (UPDATE: CLI version too!). Read more www.disog.org Botnet Distributed Command and Control. (DC&C). Read more www.disog.org Researching your own botnets. Read more www.disog.org Infiltrator Botnet Monitor Read more economictimes.indiatimes.com Virtual keyboards keep online hackers at bay. Read more www.technewsworld.com The Cost of ID Theft, Part 1: Beyond Dollars and Cents. Read more www.technewsworld.com The Cost of ID Theft, Part 2: Fixing the System. Read more dvlabs.tippingpoint.com PHP File Include Attacks (Part 1 of 4). Read more   Vulnerabilities & Exploits securitytracker.com iPhoto Photocast Format String Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com HP OpenView Network Node Manager Bug Lets Remote Users Deny Service. Read more securitytracker.com EMC Documentum 'dmclTrace.jsp' Bug Lets Remote Users Upload Arbitrary Files and Execute Arbitrary Code. Read more securitytracker.com Novell Modular Authentication Service Challenge Response Client Discloses Clipboard Contents to Local Users. Read more securitytracker.com Symantec BackupExec System Recovery Manager Lets Remote Users Upload Arbitrary Files and Execute Arbitrary Code. Read more securitytracker.com GroupWise Input Validation Hole in 'webacc' Permits Cross-Site Scripting Attacks. Read more securitytracker.com Yahoo Music Jukebox Buffer Overflow in AddImage() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com SAPlpd Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com MPlayer Pointer Dereference in 'demux_mov.c' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Aurigma Image Uploader Buffer Overflows in ExtractExif() and ExtractIptc() Functions Let Remote Users Execute Arbitrary Code. Read more   Tools: www.truecrypt.org TrueCrypt 5.0 released. Read more   News www.securityfocus.com Antivirus firms, testers form standards group. Read more www.latimes.com Scientology feud with its critics takes to Internet. Read more www.theregister.co.uk Skype squishes cross-zone scripting bug. Read more www.vnunet.com Christian hackers attack MySpace page. Read more www.vnunet.com Attackers gun for new ActiveX flaws. Read more www.cutimes.com 'Extreme Hacker' Contest at NAFCU Security Confab. Read more www.theregister.co.uk More remote workers squatting next door's broadband. Read more www.computeractive.co.uk IM and chatrooms worst for sexual harassment. Read more

04 February 2008 Guides, Papers, etc www.nytimes.com Great Firewall of China Faces Online Rebels. Read more blogs.securiteam.com How much does it cost to break into SmugMug.com? Read more www.f-secure.com Website Partnership Enquiry. Read more isc.sans.org Spot Checking Websites using Google Alerts. Read more isc.sans.org IT Security in the SMB - Call for input. Read more sunbeltblog.blogspot.com Zango defends Snopes. Read more antispywarecoalition.org Spyware: What's Worked, What's Left, and What's Coming. Read more www.cisrt.org Valentine Day. Read more www.cisrt.org Video of Paris Hilton? Read more ophir.wordpress.com Privacy, Security and Elastic Computing. Read more blog.iantivirus.com Pay-Per-Install A Malware Retail Business. Read more www.darkreading.com Tech Insight: The Buzz Around Fuzzing. Read more www.darkreading.com Email Authentication Reaches 'Tipping Point'. Read more www.wired.com/ alt.scientology.war. Read more www.uninformed.org Uninformed vol 9. Read more www.technewsworld.com Malware Purveyors Had Banner Year in '07. Read more   Vulnerabilities & Exploits securitytracker.com UltraVNC vncviewer Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Java Runtime Environment (JRE) XML External Entity Property Lets Remote Users Access URL Resources. Read more securitytracker.com Linux Kernel VFS Lets Local Users Trucate Directories. Read more   News blog.wired.com Afghan Student Sentenced to Death After Downloading Report. Read more www.washingtonpost.com Bush Order Expands Network Monitoring. Read more www.securityfocus.com Universities fend off phishing attacks. Read more www.theregister.co.uk Gov. war gamers hack servers to stay ahead. Read more www.guardian.co.uk Hackers declare war on Scientologists amid claims of heavy-handed Cruise control. Read more www.pcworld.idg.com.au Storm worm dethroned by sex botnet. Read more computerworld.co.nz US site offers encryption tool for al-Qaeda backers. Read more www.pcpro.co.uk Kaspersky decries Russian hacker "propaganda" . Read more www.techworld.com Start-up looks to head off botnets. Read more www.computerworld.com Corporate IT warms up to online backup services. Read more www.theregister.co.uk SkypeFinds another security snafu. Read more www.theregister.co.uk 419 scammers plead guilty in US. Read more

01 February 2008 Guides, Papers, etc www.securityfocus.com Skills for the Future. Read more www.gcn.com The world of spyware evolves. Read more isc.sans.org Universities in the US being targeted in a Spear Phising attack. Read more ddanchev.blogspot.com The Shark3 Malware is in the Wild. Read more www.darkreading.com Spyware Threat Isn't Dead, Experts Say. Read more www.darkreading.com Startup Aims for Meatier Signatures. Read more www.darkreading.com Stopping Google Blog Spam. Read more www.stopbadware.org RealPlayer 10.5 is badware. Read more www2.csoonline.com Social Networking Tips From Security Pros. Read more www.securitypronews.com Unbloating Vista Could Be Security Risk. Read more aolradio.podcast.aol.com Audio. Security Now 129: Windows SteadyState. Listen zeroq.kulando.de A short visit to worm Locksky. Read more zeroq.kulando.de A short visit to Perl IRC Bot. Read more   Vulnerabilities & Exploits securitytracker.com OpenBGPD Input Validation Hole in 'bgplg' Permits Cross-Site Scripting Attacks. Read more securitytracker.com SwiftView Buffer Overflow in ActiveX Control and Plug-in Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Coppermine Photo Gallery Input Validation Flaw in 'imageObjectIM' Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com Coppermine Photo Gallery Bugs Permit Cross-Site Scripting and SQL Injection Attacks. Read more securitytracker.com Xdg-Utils Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more   Tools: zero.ram.rwth-aachen.de Amun: Python Honeypot. Read more zeroq.kulando.de Infiltrator script for quick and dirty botnet monitoring. Read more   News www.darknet.org.uk German Police Creating Law Enforcement Trojan. Read more www.theregister.co.uk/ Spyware another weapon for domestic abuse. Read more www.computerworlduk.com Microsoft beefs up security APIs for Vista, XP. Read more www.nbc11.com IRC Hackers Set Date For Anti-Scientology Protests. Read more www.sfgate.com Hackers target Church of Scientology with protests. Read more www.itnews.com.au Mega-D botnet stronger than Storm, promotes male sexual pills. Read more www.infoworld.com Phishers use DNS tricks to direct users to bad sites. Read more www.thelocal.se Police thwart remote-control bank heist. Read more www.theregister.co.uk Russian FSB 'protecting' Storm Worm gang. Read more www.usdoj.gov Three Defendants Plead Guilty in "Advance-Fee" Fraud Scheme. Read more www.computeractive.co.uk Help for victims of cyber-crime. Read more

Copyright� MegaSecurity.org