News April 2005
30 April 2005

Guides, Papers, etc
www.infectionvectors.com:
Beagle Alert. Read more

www.viruslist.com:
The Bagle botnet. Read more

www.internetnews.com:
Paul Kocher, President, Cryptography Research. Read more

www.securityfocus.com:
Backup tapes a backdoor for identity thieves. Read more

www.eeproductcenter.com:
Hacking a SQL Server. Read more

www.eeproductcenter.com:
Cryptography and Competition Policy Issues with "Trusted Computing". Read more

www.pcworld.com:
New Ad Attacks. Read more

www.computerworld.com:
Log-on type codes revealed. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Symantec AntiVirus RAR Decomposition Error Lets Certain RAR Archives Bypass Anti-virus Detection. Read more

www.securitytracker.com:
enVivo!CMS Input Validation Flaw Lets Remote Users Inject SQL Commands and Gain Administrative Privileges. Read more

www.securitytracker.com:
Lotus Domino Format String Flaw in Processing NRPC Protocol Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Lotus Notes Can Be Crashed By Local Users Via the 'notes.ini' File. Read more

www.securitytracker.com:
Lotus Domino @SetHTTPHeader Permits HTTP Response Splitting Attacks. Read more

www.securitytracker.com:
WWWguestbook 'login.asp' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
JustWilliam's Amazon Webstore Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Safari Can Be Crashed With Long HTTPS URL. Read more

www.securitytracker.com:
phpCOIN Input Validation Holes in 'login.php' and 'mod.php' Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Ocean12 Mailing List Manager Lets Remote Users Inject SQL Commands. Read more

 

News
www.newscientist.com:
Google searches for quality not quantity. Read more

www.theregister.co.uk:
Google redraws world according to George Bush. Read more

www.theregister.co.uk:
Trojan attack exploits Google typos. Read more

www.pcworld.com:
Spyware Doctor Fails to Beat Favorites in Latest Tests. Read more

www.pcworld.com:
Adware/Spyware Vendor Sued Over 'Invasive' Software. Read more

news.zdnet.co.uk:
Have email viruses had their day? Read more

news.zdnet.co.uk:
No electronic 9/11 here, says Home Office. Read more

www.computerworld.com:
Trust in Online Banking: Hard to Earn, Easy to Lose. Read more

www.pcworld.com:
First Look: Symantec's So-So Spyware Protection. Read more

29 April 2005

Guides, Papers, etc
The stupidest hacker on earth.
This is the story of "bitchchecker" (the hacker), a user who lost it because he thought he had been kicked off an IRC channel by "Elch".
The hacker comes back on the channel threatening to hack and ruin Elch's machine, and dares Elch to give his IP address.
The address given was 127.0.0.1 (which is anyone's local IP address - your own IP, if you want), but bitchchecker was not knowledgeable enough to know that and tried to use software to destroy what he thought were Elch's hard drives... Read more

www.claymania.com:
Safe Hex - Safe Computing Tips. Read more

internet-insecurity.com:
Rootkit discovery tools. Read more

www.mobilepipeline.com:
Safe Hotspotting With For-Hire VPNs. Read more

 

Tools:
druid.caughq.org:
hcraft is an HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to help take the details out of executing HTTP-based attacks that require you to specially craft an HTTP request. Read more

druid.caughq.org:
The Fake Open SMTP Relay. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Uapplication Products Disclose the Database to Remote Users and Let Remote Authenticated Administrators Upload Arbitrary Files. Read more

www.securitytracker.com:
HP OpenView Radia Management Portal Lets Remote Users Gain Access and Also Deny Service. Read more

www.securitytracker.com:
ICUII Discloses Passwords to Local Users. Read more

www.securitytracker.com:
phpBB Notes Mod Input Validation Hole in 'posting_notes.php' Permits SQL Injection. Read more

www.securitytracker.com:
NotJustBrowsing Discloses Application Password to Local Users. Read more

www.debian.org:
DSA-719-1 prozilla -- format string problems. Read more

www.debian.org:
DSA-718-2 ethereal -- buffer overflow. Read more

 

News
www.theregister.co.uk:
Firefox doubles market share as IE slips. Read more

www.computerworld.com.au:
Security product outbreak hits InfoSec. Read more

www.theregister.co.uk:
VXer targets Romanian gypsy music. Read more

www.t2.fi:
F-Secure pros issue hacker challenge. Read more

www.itsecurity.com:
Online Banking Requires Stronger Authentication Methods... Read more

www.11alive.com:
Hack Attack on GSU Student Info. Read more

www.vnunet.com:
Most computer hacking an 'inside job'. Read more

www.vnunet.com:
Online crime spirals out of control. Read more

www.vnunet.com:
64-bit Windows wide open to viruses. Read more

www.eweek.com:
Gates: 64-Bit Transition Will Happen 'Rapidly'. Read more

www.theregister.co.uk:
New York sues Intermix over spyware. Read more

spamkings.oreilly.com:
AOL lands on spam blacklist. Read more

news.com.com:
Senate bill proposes to close e-mail wiretapping "loophole". Read more

news.zdnet.co.uk:
Google used in phishing attack. Read more

28 April 2005

Guides, Papers, etc
www.hoti.org:
Design of a System for Real-Time Worm Detection. Read more

www.viruslist.com:
The Bagle botnet. Read more

www.microscope.co.uk:
Encryption: the key to secure data? Read more

www.securityfocus.com:
Cleanliness next to Rootliness. Read more

www.securityfocus.com:
Security for the Paranoid. Read more

cne.gmu.edu:
An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MaxDB Buffer Overflow in getIfHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Internet Explorer Content Advisor Memory Corruption (Exploit, MS05-020). Read more

www.securiteam.com:
MySQL MaxDB Webtool Buffer Overflow Exploit (%). Read more

www.securiteam.com:
Multiple DoS Vulnerabilities in TCPDUMP (RSVP Packet, LDP Packet, BGP Packet and GRE Packet). Read more

www.securiteam.com:
NetTerm's NetFTPd Buffer Overflow (USER, Exploit). Read more

www.debian.org:
DSA-717-1 lsh-utils -- buffer overflow, typo. Read more

 

News
www.asahi.com:
Trend Micro antivirus fix wasn't tested before release. Read more

www.theregister.co.uk:
Web attacks soar. Read more

www.krqe.com:
Former LANL employee sentenced for hacking. Read more

news.zdnet.com:
Scheme preys on people who mistype 'Google.com'. Read more

news.zdnet.com:
Bush signs law targeting P2P pirates. Read more

news.zdnet.co.uk:
Highly critical Netscape flaw revealed. Read more

news.zdnet.com:
Group wants encryption bans overturned. Read more

news.zdnet.com:
Gates offers Longhorn appetizer. Read more

news.zdnet.com:
Microsoft XML guru sees power for the people. Read more

news.zdnet.com:
Gates wants to scrap H-1B visa restrictions. Read more

27 April 2005

Guides, Papers, etc
www.securityfocus.com:
Microsoft reveals hardware security plans, concerns remain. Read more

www.ngssoftware.com:
Stopping Automated Attack Tools. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
Rootkit Hunter: Insecure temporary file creation. Read more

www.securitytracker.com:
yappa-ng Input Validation Holes Let Remote Users Execute Arbitrary Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
BEA WebLogic Administration Console Input Validation Hole in 'JndiFramesetAction' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Citrix Program Neighborhood Agent Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary Shortcuts. Read more

www.securitytracker.com:
Citrix WinCE MetaFrame Presentation Server Client Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary Shortcuts. Read more

www.securitytracker.com:
nProtect Netizen Lets Remote Users Download Arbitrary Files to the Target System. Read more

www.securitytracker.com:
bBlog Input Validation Hole in 'postid' Permits SQL Injection and in Message Body Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
NetIQ PSSecure May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
SafeStone AxcessIT May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
NASI BSafe May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
Castlehill Secure/Net May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
PowerLock NetworkSecurity May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
Raz-Lee Firewall+++ May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
phpMyVisites Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Fastream NETFile Server Lets Remote Users Create or Delete Files and Directories in Arbitrary Locations. Read more

www.securitytracker.com:
SqWebMail Input Validation Hole in 'redirect' Parameter Permits HTTP Response Splitting Attacks. Read more

www.securiteam.com:
E-Cart index.cgi Command Execution (Exploit). Read more

www.securiteam.com:
Yager Buffer Overflow (Exploit). Read more

www.debian.org:
DSA-715-1 cvs -- several. Read more

 

News
asia.cnet.com:
Microsoft to add 'black box' to Windows. Read more

www.theinquirer.net:
Microsoft's Longhorn has spyware plan. Read more

news.zdnet.co.uk:
Unpatched machines 'Net's biggest threat'. Read more

www.computerworld.com.au:
Infosecurity showgoers place law above tech. Read more

www.itbusiness.ca:
Security preparedness is TASK one. "Hackers are professionals. They get paid," warns user group. Read more

asia.cnet.com:
Spamhaus hits out at ISPs, praises Microsoft. Read more

news.zdnet.co.uk:
Schneier slates misuse of 'cyberterrorism'. Read more

www.theregister.co.uk:
Are you storing up email trouble? Read more

news.zdnet.co.uk:
Trend Micro customers suffer weekend mayhem. Read more

26 April 2005

Guides, Papers, etc
www.eweek.com:
The Sad State of Spyware. Read more

www.eweek.com:
Worm Early Warning System Late to the Game. Read more

www.boersenreport.de:
Microsoft demos 'more secure' Longhorn Windows. Read more

www.eweek.com:
Automatic Protection Systems Are Too Dumb and Too Fast. Read more

 

Tools:
cse.msstate.edu:
GoogleSweep is a pen-test tool for information-gathering that uses Google to find information on IP addresses and hostnames on a target network. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MaxDB HTTP Request '%' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MaxDB Buffer Overflow in getLockTokenHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MailEnable Unspecified IMAP and SMTP Bugs May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP/UX ICMP PMTU Attacks Let Remote Users Deny Service. Read more

www.securitytracker.com:
Store Portal Input Validation Errors Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
OneWorldStore Discloses Order Information to Remote Users. Read more

www.securitytracker.com:
ACS Blog Authentication Flaw in 'inc_login_check.asp' Lets Remote User Gain Administrative Access. Read more

www.securitytracker.com:
Snmppd Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
BK Forum Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
CartWIZ Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.gulftech.org:
Multiple eGroupware Vulnerabilities. Read more

www.idefense.com:
MySQL MaxDB Webtool Remote Stack Overflow Vulnerability. Read more

 

News
www.techworld.com:
Trend Micro bug down to over-quick testing. Read more

www.securitypronews.com:
Web Server Cracks And Defacements Increase. Read more

www.computerworld.com:
Many Web site hackers are schoolboys, watchdog group says. Read more

www.computerworld.com:
Hackers plot more phishing, mobile viruses. Read more

www.webpronews.com:
Computer Hacking An Inside Job. Read more

www.bitdefender.com:
New Romanian Virus Speculates On Iraqi Crisis. Read more

searchsecurity.techtarget.com:
Viruses 'a thing of the past'. Read more

www.broadbandreports.com:
Evil Twin Wi-Fi Attacks. Read more

www.eweek.com:
Group Aims to Develop Guidelines to Define Spyware. Read more

www.techworld.com:
Internet Explorer improvements come to light. Read more

www.techworld.com:
Longhorn security technology scrapped. Read more

comment.zdnet.co.uk:
Don't leave alternative browsers all at sea. Read more

25 April 2005

Guides, Papers, etc
www.benedelman.org:
Misleading Installations of the Week: PacerD, and Claria's Dope Wars. Read more

www.preferredcomputers.com:
Understanding and Preventing Spyware in the Enterprise. Read more

www.eecis.udel.edu:
Distributed Worm Simulation with a Realistic Internet Model. Read more

 

News
www.usatoday.com:
Microsoft expected to ignite 64-bit computing. Read more

mdn.mainichi.co.jp:
Suspected antivirus glitch disrupts newspaper LAN systems. Read more

www.yomiuri.co.jp:
Virus Buster LAN failures caused by human error. Read more

news.zdnet.co.uk:
Yahoo opens up dead Marine's email. Read more

www.ecommercetimes.com:
E-Commerce Sites Forced To Adopt Security Standards. Read more

www.usatoday.com:
'Pharmers' hit online bank users with fraud scam. Read more

www.securitynewsportal.com:
Alleged World of Hell hacker RaFa arrested in Miami by FBI. Read more

uk.builder.com:
Stroustrup: C++ is growing. Read more

24 April 2005

Guides, Papers, etc
www.rootkit.com:
Hide user mode debuggers from executables with debugger detection. Read more

www.vulndev.org:
SInAR. A Cross architecture Solaris rootkit the development of which is aimed to both increase understanding of the Solaris OS and to show that it's not just the external threats that a Solaris Admin should worry about. Read more

www.acm.uiuc.edu:
Introduction to Reverse Engineering Software. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
KDE Kommander Arbitrary Code Execution Vulnerability. Read more

www.frsirt.com:
OneWorldStore "chksettings.asp" Denial of Service Vulnerability. Read more

www.frsirt.com:
PixySoft E-Cart Remote Command Execution Vulnerability. Read more

www.frsirt.com:
ASPNuke Cross Site Scripting and SQL Injection Vulnerabilities. Read more

www.frsirt.com:
FlexPHPNews "news.php" Remote SQL Injection Vulnerability. Read more

www.securitytracker.com:
Novell Nsure Audit 'webadmin.exe' Lets Remote Users Cause the System to Stop Responding. Read more

www.securitytracker.com:
WoltLab Burning Board Input Validation Hole in 'thread.php' in 'hilight' Parameter Permits Cross-Site Scripting Attacks. Read more

 

News
www.zone-h.org:
Hushmail.com defaced by means of DNS redirection UPDATED. Read more

www.pcworld.com:
PC Zombies Invade China. Read more

www.securitypronews.com:
Adware Adds Up To Cash. Read more

www.syracuse.com:
Guard against Internet 'phishing'. Read more

infotech.indiatimes.com:
Viruses play unfair games on cell phones. Read more

23 April 2005

Guides, Papers, etc
www.cs.berkeley.edu:
The Threat of Internet Worms. Read more

www.viruslist.com:
Malware Evolution: January - March 2005. Read more

www.securitypipeline.com:
Hotspot Hacking And How To Fight It. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
ASP Nuke Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
MailEnable HTTPMail Vulnerability Has Unspecified Impact. Read more

www.securitytracker.com:
KDE kimgio PCX Processing Error Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
KDE Kommander May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Xine MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
OneWorldStore 'chksettings.asp' Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Yawcam Directory Traversal Flaw Lets Remote Users View Arbitrary Files. Read more

www.securitytracker.com:
E-Cart Mod Input Validation Hole in 'art' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

 

News
www.theregister.co.uk:
MP3 zapping malware worms onto P2P network. Read more

news.zdnet.com:
Virus pits itself against music pirates. Read more

www.channelregister.co.uk:
Credit card firms push cybersecurity. Read more

www.theregister.co.uk:
Privacy watchdog warns job seekers to beware. Read more

news.zdnet.com:
Security guru wants access to bug databases. Read more

news.zdnet.com:
C++ creator upbeat on its future. Read more

www.eweek.com:
Torvalds Gives Inside Skinny on Git. Read more

www.thewhir.com:
AOL, Cyota Team to Fight Phishing. Read more

news.zdnet.com:
Firewall to zap XML viruses. Read more

www.techweb.com:
Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay. Read more

news.com.com:
This week in security. Read more

22 April 2005

Guides, Papers, etc
recon.cx:
REcon 2005. Read more

www.eecs.umich.edu:
Worm Hotspots: Explaining Non-Uniformity in Worm Targeting Behavior. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB Auction Mod Lets Remote Users Inject SQL Commands and Determine the Installation Path. Read more

www.securitytracker.com:
LG Electronics U8120 Phone MIDI File Processing Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Acrobat Reader Invalid-ID-Handle-Error Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Multiple Exploit Codes for Oracle (interMedia, DBMS_CDC_SUBSCRIBE, DBMS_CDC_ISUBSCRIBE and DBMS_METADATA). Read more

www.securiteam.com:
PMSoftware Simple Web Server Remote Buffer Overflow (Exploit). Read more

www.securiteam.com:
ICMP Attacks Against TCP Vulnerability Exploit. Read more

www.securiteam.com:
BitchX Buffer Overflow. Read more

www.debian.org:
DSA-713-1 junkbuster -- several vulnerabilities. Read more

www.debian.org:
DSA-701-2 samba -- integer overflows. Read more

 

News
www.securityfocus.com:
Privacy watchdog warns job seekers to beware. Read more

www.cyprus-mail.com:
Taking over a webcam: a standard part of the virus writer's arsenal. Read more

www.theregister.co.uk:
Peeping Tom Trojan suspect cuffed in Cyprus. Read more

www.newsfactor.com:
Smartphone Viruses: 52 and Counting. Read more

www.theregister.co.uk:
Longhorn is big - no, this time we mean it. Read more

www.securityfocus.com:
Watching the Watchers. Misuse of database information by insiders happens everyday, and there's little we can do about it. Read more

www.vnunet.com:
Apple slapped for sloppy security response. Read more

www.vnunet.com:
Google travels back in search time. Read more

21 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.eweek.com:
Worm Early Warning System Late to the Game. Read more

www.pakcon.org:
PAKCON II, Pakistan's Underground Hacking Convention. Call for Papers. Read more

informit.com:
Strategies of Computer Worms. Read more

www.bluesecurity.com:
P2P Exploited to Spam Millions of Users. Read more

www.securityfocus.com:
Apple's Big Virus. Read more

www.eweek.com:
Automatic Protection Systems Are Too Dumb and Too Fast. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MPlayer MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
RealPlayer Enterprise Buffer Overflow in 'pnen3260.dll' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
LogWatch Regular Expression Error May Let Users Deny Service to Avoid Detection. Read more

www.securitytracker.com:
Ocean12 Calendar Manager Input Validation Errors Permit SQL Injection Attacks. Read more

www.securitytracker.com:
Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code. Read more

www.securiteam.com:
Sumus Remote Buffer Overflow Exploit. Read more

 

News
www.vnunet.com:
Bank attack used key-loggers costing just £20. Read more

www.eweek.com:
Researchers Propose Early Warning System for Worms. Read more

www.theregister.co.uk:
WiPhishing hack risk warning. Read more

www.newsfactor.com:
Sober Worm Given New Life. Read more

itvibe.com:
New Sober worm variant causing trouble. Read more

www.eweek.com:
High-Risk RealPlayer Hole Patched. Read more

www.eweek.com:
NY Attorney General Spitzer Targets Identity Theft. Read more

www.eweek.com:
AOL Begins Blocking Phishing Sites. Read more

www.theregister.co.uk:
Microsoft patents 911. Read more

www.theregister.co.uk:
UK court orders ISPs to unmask 33 filesharers. Read more

www.cellular-news.com:
Mobile phone viruses on the rise. Read more

www.eweek.com:
Open-Source CVS Project Plugs Security Leaks. Read more

20 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.viruslist.com:
Malware Evolution: January - March 2005. Read more

www.astalavista.com:
Tracking the Attacker. Read more

www.exploitx.com:
Troubleshooting Linux Firewalls. Read more

www.professionalsecurity.co.uk:
Cybercrime wars. Read more

www.securitypark.co.uk:
The Spyware Plague: No Cure for the Enterprise. Read more

 

Tools:
ophcrack.sourceforge.net:
Ophcrack version 2.0 is a windows password cracker based on the faster time-memory trade-off using rainbow tables. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Sun Solaris May Let Local Users Hijack Non-Privileged Port Services. Read more

www.securitytracker.com:
CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service. Read more

www.securitytracker.com:
WheresJames Webcam Publisher Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
proFile Input Validation Bugs Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PortalApp Input Validation Holes in 'ContentId', 'CatId', 'ContentTypeId', and 'ForumId' Parameters Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
PostgreSQL Remote DoS (plpgsql). Read more

www.securiteam.com:
Microsoft Exchange X-LINK2STATE Heap Overflow PoC (MS05-021). Read more

www.securiteam.com:
Openssl-Too-Open: Apache / OpenSSL Remote Exploit. Read more

www.securiteam.com:
Webcam Publisher Buffer Overflow (Exploit). Read more

www.greymagic.com:
File Selection May Lead to Command Execution. Read more

www.debian.org:
DSA-712-1 geneweb -- insecure file operations. Read more

www.debian.org:
DSA-711-1 info2www -- missing input sanitising. Read more

 

News
www.theregister.co.uk:
Sober worm shakes Windows security. Read more

news.zdnet.co.uk:
IM security: The worst is yet to come. Read more

www.wired.com:
U.S. Military's Elite Hacker Crew. Read more

news.com.com:
Worms whack half of businesses. Read more

www.vnunet.com:
Consumers make it easy for e-commerce hackers. Read more

www.theregister.co.uk:
Unholy trio menace Firefox. Read more

www.theregister.co.uk:
Teenagers want computer security lessons. Read more

www.theinquirer.net:
Top ten Firefox browser annoyances. Read more

australianit.news.com.au:
ISPs team to fight DNS attack. Read more

news.com.com:
Finns tout new anti-P2P tool. Read more

news.com.com:
Prison terms on tap for 'prerelease' pirates. Read more

www.pcworld.com:
Four Arrested in Game Piracy Sting. Read more

19 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.securityfocus.com:
Teenagers struggle with privacy, security issues. Read more

www.astalavista.com:
Identity Theft. Read more

www.astalavista.com:
802.11 Security. Read more

arxiv.org:
Analyzing Worms and Network Traffic using Compression. Read more

www.oracle.com:
Oracle, Critical Patch Update - April 2005. Read more

nzeka-labs.com:
KSpyware's source code (in Perl). Read more

 

Vulnerabilities & Exploits
www.idefense.com:
McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability. Read more

www.debian.org:
DSA-710-1 gtkhtml -- null pointer dereference. Read more

www.mikx.de:
Firelinking - Proof-of-Concept. Read more

 

News
www.theregister.co.uk:
Save us from spam. Read more

www.techtree.com:
Symantec Takes on Spyware. Read more

news.com.com:
Microsoft to license test software for real-world use. Read more

news.com.com:
IRS flaws open door to identity theft. Read more

www.computerworld.com:
IRS security flaws expose taxpayer data to snooping, GAO finds. Read more

www.computerworld.com:
Sidebar: Security Tools Not Enough, Say Execs. Read more

18 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.benedelman.org:
Misleading Installations of the Week: Claria and 180 at Kids Sites. Read more

www.simson.net:
AVOIDING THE CYBER PANDEMIC: A Public Health Approach to Preventing Malware Propagation. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Vulnerabilities in TCP/IP Allow Remote Code Execution and DoS (MS05-019, Exploit). Read more

www.securiteam.com:
Serendipity exit.php SQL Injection (Exploit). Read more

www.securiteam.com:
Explorer.exe WMF Parsing DoS (Exploit). Read more

remahl.se:
AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability. Read more

 

News
www.usatoday.com:
Hacker invades Anchorage airport Web site. Read more

news.zdnet.com:
Microsoft plans massive Windows ad campaign. Read more

news.zdnet.com:
FAQ: Getting a handle on Longhorn. Read more

www.vnunet.com:
Fortinet in court for hiding Linux in its code. Read more

www.earthtimes.org:
Reuters quells Kelvir challenge, IM service back on. Read more

17 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.ebcvg.com:
Zombie Computers. Read more

www.astalavista.com:
DoS Defense in Structured Peer-to-Peer Networks. Read more

www.astalavista.com:
MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Firefox Sidebar '_search' Processing Error Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Firefox Search Plug-in Lets Remote Users Execute Scripting Code in Active Tabs. Read more

www.securitytracker.com:
Mozilla Search Plug-in Lets Remote Users Execute Scripting Code in Active Tabs. Read more

www.securitytracker.com:
Firefox Browser XPInstall Engine May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Mozilla Browser XPInstall Engine May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Apple OS X Integer Overflow in searchfs() Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X setuid/setgid Support May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X semop() Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X Syscall Emulation Buffer Overflow Lets Local Users Deny Service. Read more

www.securitytracker.com:
Apple Safari Javascript Flaw Lets Remote Users Execute Arbitrary Javascript in the Context of the Local Domain. Read more

www.securitytracker.com:
WinHex Can Be Crashed With Malformed Filename. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Hole in Surveys Module Permits HTTP Response Splitting Attacks. Read more

www.securitytracker.com:
DameWare Discloses Passwords to Local Users. Read more

www.frsirt.com:
Mozilla Firefox Sidebar Code Execution Proof of Concept Exploit. Read more

www.frsirt.com:
Mozilla Suite and Firefox "favicons" LINK Code Execution Exploit. Read more

www.debian.org:
DSA-709-1 libexif -- buffer overflow. Read more

 

News
www.webpronews.com:
Mozilla Updates For Security. Read more

www.keralanext.com:
Asia: Nearly 7,600 new malware detected in first three months. Read more

www.infoworld.com:
Polo Ralph Lauren confirms HSBC data security problem. Read more

publications.mediapost.com:
Adware Firms Up The Ante On Anti-Spyware. Read more

www.zwire.com:
The need for homepage security. Read more

16 April 2005

Guides, Papers, etc
www.securityfocus.com:
Introduction to Spyware Keyloggers. Read more

www.macnewsworld.com:
New Era of Deadly Spyware Approaches. Read more

www.pcworld.com:
The (Uphill) Battle Against Spyware. Read more

www.securityfocus.com:
Privacy groups assail future passport technology. Read more

informationweek.com:
Q&A: Allchin Talks Turkey About Longhorn. Read more

 

Vulnerabilities & Exploits
xforce.iss.net:
CA BrightStor ARCServe Backup Remote Compromise. Read more

www.securitytracker.com:
RSA Authentication Agent for Web for IIS Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Webmin May Let Users Change the Permissions and Ownership of Configuration Files. Read more

www.securitytracker.com:
Usermin May Let Users Change the Permissions and Ownership of Configuration Files. Read more

www.securitytracker.com:
Ariadne Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
OneWorldStore Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FreeBSD Kernel ifconf() Discloses Kernel Memory Contents to Local Users. Read more

www.securitytracker.com:
Musicmatch Jukebox Lets Local Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting Attacks. Read more

 

News
news.zdnet.co.uk:
Microsoft silent over IP vulnerability claims. Read more

www.eweek.com:
Where's That Windows Media Player Update? Read more

informationweek.com:
Reuters IM Worm Attack Seen As 'Wake-Up. Read more

www.theregister.co.uk:
Virus writers have girlfriends - official. Read more

www.theregister.co.uk:
George Bush fears email privacy breach. Read more

www.theregister.co.uk:
IM worm hits Reuters. Read more

www.pcworld.com:
Microsoft Details More Longhorn Features. Read more

software.silicon.com:
Microsoft shuts down anti-SP2 tool. Read more

www.vnunet.com:
Arrests highlight offshore risks. Read more

www.vnunet.com:
Record industry sues 400 campus downloaders. Read more

thebosh.com:
Internet2 hot.
The Recording Industry Association of America (RIAA), acting on behalf of major record companies has filed legal action against the students at 18 colleges across the US, alleging they illegally downloaded and swapped music files using a lightening-fas. Read more

15 April 2005

Guides, Papers, etc
www.securityfocus.com:
Privacy From the Trenches. Read more

www.ics.forth.gr:
Efficient Content-Based Detection of Zero-Day Worms. Read more

www.vnunet.com:
Kevin Mitnick and the art of intrusion - Part 2. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Axel Buffer Overflow in Processing HTTP Location Values Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Kerio MailServer WebMail Viewing Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Pavuk Buffer Overflows Have Unspecified Impact. Read more

www.securitytracker.com:
Sun Solaris ICMP Processing Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
CalendarScript Discloses Installation Path and Debug Information to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
EasyPHPCalendar Discloses Installation Path to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
VHCS Input Validation Errors Permit SQL Injection Attacks. Read more

www.securitytracker.com:
IlohaMail Input Validation Bugs in 'read_message.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Serendipity Input Validation Error in 'exit.php' Permits SQL Injection Attacks. Read more

www.securitytracker.com:
WatchGuard Firebox ICMP Processing Errors Let Remote Users Deny Service. Read more

www.frsirt.com:
IBM WebSphere Application Server JSP Source Code Disclosure Issue. Read more

www.frsirt.com:
Sun ONE and Sun Java System Directory Servers LDAP Buffer Overflow. Read more

www.frsirt.com:
Sun Java System Web Server Denial of Service Vulnerability. Read more

www.securiteam.com:
Internet Explorer DHTML Arbitrary Code Execution (MS05-020). Read more

www.securiteam.com:
Microsoft JET Reverse Shell Buffer Overflow Exploit. Read more

www.hyperdose.com:
Arbitrary file overwrite in Musicmatch. Read more

www.debian.org:
DSA-708-1 php3 -- missing input sanitising. Read more

www.security.nnov.ru:
Internet Explorer wininet.dll URL parsing memory corruption details. Read more

 

News
www.reuters.com:
Worm Prompts Temporary Shutdown of Reuters Messaging. Read more

news.zdnet.co.uk:
OpenOffice confirms hack attack risk. Read more

news.zdnet.co.uk:
Office flaw exploit code published. Read more

news.bbc.co.uk:
Home workers 'pose security risk'. Read more

www.theregister.co.uk:
Beware of toxic blogs. Read more

news.com.com:
Blog censorship gains support. Read more

news.zdnet.co.uk:
Banks nearing agreement on Web security. Read more

itvibe.com:
Premium rate dialer virus writer sentenced. Read more

14 April 2005

Guides, Papers, etc
www.antiphishing.org:
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud. Read more

www.astalavista.com:
Role Comparison Report - Web Server Role. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
IBM Domino Server Buffer Overflow in Date/Time Field Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Veritas i3 FocalPoint Server Has Vulnerability With Unspecified Impact. Read more

www.securitytracker.com:
Oracle Database Has Unspecified Vulnerabilities in Multiple Components. Read more

www.securitytracker.com:
Microsoft Internet Explorer Buffer Overflows in DHTML, URL Parsing, and Content Advisor Let Remote Users Execute Arbitrary Code. Read more

www.geotrust.com:
VULNERABILITY OF FIRST-GENERATION DIGITAL CERTIFICATES Rev 1.1 AND POTENTIAL FOR PHISHING ATTACKS AND CONSUMER FRAUD. Read more

www.securitytracker.com:
Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MSN Messenger GIF File Image Parameter Processing Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-707-1 mysql -- several vulnerabilities. Read more

www.debian.org:
DSA-706-1 axel -- buffer overflow. Read more

 

News
www.theregister.co.uk:
Eight patches - five critical - in MS April patch batch. Read more

australianit.news.com.au:
New MS security holes found. Read more

www.theregister.co.uk:
Anti-spyware group collapses. Read more

www.theregister.co.uk:
Mobile botnet threat downplayed. Read more

news.zdnet.com:
Security breach laws become state's rights issue. Read more

www.zdnet.com.au:
'Human firewall' a crucial defence: Mitnick. Read more

www.theregister.co.uk:
It's official: ChoicePoint, LexisNexis rooted many times. Read more

www.vnunet.com:
Virus writer steals £70,000 in three days. Read more

www.zdnet.com.au:
Bigger phishes ready to spawn. Read more

www.pcauthority.com.au:
Hackers spread worms through blogs. Read more

www.zdnet.com.au:
IBM on the hunt for Firefox programmers. Read more

australianit.news.com.au:
Stronger security for banks. Read more

13 April 2005

Guides, Papers, etc
A Methodology for Detecting New Binary Rootkit Exploits. Read more

www.arl.wustl.edu:
Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection. Read more

www.windowsitpro.com:
Understanding the Windows XP SP2 Blocking Mechanism. Read more

www.astalavista.com:
BLUETOOTH TOOLS. Read more

www.geotrust.com:
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud. Read more

 

Tools:
www.eeye.com:
eEye Launches Free Retina WiFi Scanner to Address the Growing Business Concern of Wireless Network Security. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Word Remote Code Execution Vulnerabilities (MS05-023). Read more

www.frsirt.com:
MSN Messenger GIF Handling Remote Code Execution (MS05-022). Read more

www.frsirt.com:
Microsoft Exchange Server Remote Code Execution (MS05-021). Read more

www.frsirt.com:
Microsoft Internet Explorer Code Execution Vulnerabilities (MS05-020). Read more

www.frsirt.com:
Microsoft Windows TCP/IP Remote Code Execution and DoS (MS05-019). Read more

www.frsirt.com:
Microsoft Windows Kernel Local Privilege Escalation and DoS (MS05-018). Read more

www.frsirt.com:
Microsoft Message Queuing Remote Buffer Overflow (MS05-017). Read more

www.frsirt.com:
Microsoft Windows Shell Code Execution Vulnerability (MS05-016). Read more

www.securitytracker.com:
Cisco IOS ICMP PMTUD Attacks Let Remote Users Deny Service. Read more

www.securitytracker.com:
ACNews Input Validation Hole in 'login.asp' Yields Administrative Access to Remote Users. Read more

www.securitytracker.com:
OpenOffice StgCompObjStream::Load() Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
zOOm Media Gallery Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Gld Format String Flaws and Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securiteam.com:
PunBB change_email SQL Injection. Read more

 

News
Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711). Read more

www.zdnet.com.au:
Microsoft plugs up critical holes in Windows. Read more

www.zdnet.com.au:
Unpatched flaw found in Microsoft software. Read more

www.zdnet.com.au:
BigPond disconnecting Trojan-infected customers. Read more

www.zdnet.com.au:
Microsoft offers no choice on Windows XP SP2. Read more

www.isp-planet.com:
An Extreme Phight Against Phishing. Read more

12 April 2005

Guides, Papers, etc
Computer Security Mexico 2005
Palacio de Mineria, May 26th - May 27th, 2005. Read more

www.cise.ufl.edu:
Defending Against Internet Worms: A Signature-Based Approach. Read more

www.security-assessment.com:
Bugger The Debugger- Pre Interaction Debugger Code Execution. Read more

www.security-assessment.com:
A Day in the Life of a Hacker. Read more

www.security-assessment.com:
A Step into the Computer Underworld. Read more

www.security-assessment.com:
Shoot the Messenger - Shatter Attacks. Read more

www.security-assessment.com:
Advances in Web Application Hacking. Read more

www.security-assessment.com:
GoogleHack and PTP Hacking. Read more

www.security-assessment.com:
VOIP Hacking. Read more

www.theregister.co.uk:
Cyber Alert: crime hits the net. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability. Read more

www.frsirt.com:
OpenOffice Document Handling Heap Overflow Vulnerability. Read more

www.frsirt.com:
Invision Power Board "memberlist.php" SQL Injection Vulnerability. Read more

www.frsirt.com:
KDE Desktop PCX Image Handling Buffer Overflow Vulnerability. Read more

www.frsirt.com:
Zoom Media Gallery "index.php" Remote SQL Injection Vulnerability. Read more

www.frsirt.com:
ModernBill PHP File Inclusion and Cross Site Scripting Vulnerabilities. Read more

www.securitytracker.com:
TowerBlog! Discloses Hashed Administrative Password to Remote Users. Read more

www.securitytracker.com:
rsnapshot copy_symlink() May Let Local Users Gain Elevated Privileges in Certain Situations. Read more

www.securitytracker.com:
P2P Share Spy Discloses Password to Local Users. Read more

www.securitytracker.com:
ModernBill Include File Error in Sample 'news.php' Script Lets Remote Users Execute Commands and Input Validation Holes in 'orderwiz.php' Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Linux Kernel Bluetooth Local Root (Exploit). Read more

secunia.com:
Sun Java JDK/SDK Jar Directory Traversal Vulnerability. Read more

 

News
www.securityfocus.com:
Campaign seeks to defang Rafa's hacker image. Read more

www.securityfocus.com:
Cleaning Up Disclosure. Read more

www.infoworld.com:
Brazilian arrested for '01 Airforce hacks. Read more

security.itworld.com:
Rootkit Web sites fall to DDOS attack. Read more

www.nwfusion.com:
Be secure: Think like bad guys. Read more

www.silicon.com:
Indian call centre staff in $350,000 Citibank theft. Read more

www.pcworld.com:
Microsoft Files Eight Counterfeiting Lawsuits. Read more

www.microsoft.com:
Microsoft and Gateway Lay Foundation for Future Cooperation, Resolve Antitrust Claims. Read more

www.theregister.co.uk:
Microsoft goes after Blackberry with Magneto. Read more

www.theregister.co.uk:
Linus Torvalds in bizarre attack on open source. Read more

11 April 2005

Guides, Papers, etc
www.eweek.com:
Tales of a Professional Social Engineer. Read more

www.eweek.com:
Shutting Down the Highway to Internet Hell. Read more

www.exploitx.com:
Click Fraud FAQ. Read more

www.net-security.org:
Malware comes of age: The arrival of the true computer parasite. Read more

www.av-comparatives.org:
Anti-Virus Comparative No. 5. Read more

www.cise.ufl.edu:
An Internet-Worm Early Warning System. Read more

www.securitydocs.com:
Malicious Codes in Depth. Read more

www.zone-h.org:
2004 WEB SERVER INTRUSION STATISTICS. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Microsoft Multiple E-Mail Client Address Spoofing Vulnerability. Read more

www.securiteam.com:
SGI IRIX gr_osview Multiple Vulnerabilities. Read more

www.securiteam.com:
IBM Lotus Domino Server Web Service DoS (Exploit). Read more

 

News
www.zdnet.com.au:
Virus blocks access to antivirus Web sites. Read more

www.crime-research.org:
Big phishers can be hard to hook. Read more

www.zdnet.com.au:
Are firewalls pointless? Read more

www.eweek.com:
Will Click-Fraud Suits Hobble Search? Read more

10 April 2005

Guides, Papers, etc
www.hackerhighschool.org:
Hacker Highschool. LESSON 1 BEING A HACKER. Read more
Hacker Highschool. LESSON 2. BASIC COMMANDS IN LINUX AND WINDOWS. Read more
Hacker Highschool. LESSON 3 PORTS AND PROTOCOLS. Read more
Hacker Highschool. LESSON 4 SERVICES AND CONNECTIONS. Read more
Hacker Highschool. LESSON 5 SYSTEM IDENTIFICATION. Read more
Hacker Highschool. LESSON 6 MALWARE. Read more
Hacker Highschool. LESSON 7 ATTACK ANALYSIS. Read more
Hacker Highschool. LESSON 8 DIGITAL FORENSICS. Read more
Hacker Highschool. LESSON 9 E-MAIL SECURITY. Read more
Hacker Highschool. LESSON 11 PASSWORDS. Read more

www.securityfocus.com:
Absolute Security is a Myth. Read more

security.ucdavis.edu:
Development of Computer Vulnerability Scanning Scanning Workgroup. Read more

www.zone-h.org:
2004 WEB SERVER INTRUSION STATISTICS. Read more

en.wikipedia.org:
Steganography (hidden writing). Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
File Upload Script 'up.php' for phpBB Lets Remote Users Upload Arbitrary Files. Read more

www.securitytracker.com:
PostNuke Input Validation Holes in News Module Permits SQL Injection and in 'admin.php' and 'user.php' Permit Cross-Site Scripting Attacks.

www.securitytracker.com:
Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses. Read more

www.securitytracker.com:
Microsoft Outlook 'From' Address Display Lets Remote Users Spoof Origination Addresses. Read more

www.securitytracker.com:
Ocean12 Membership Manager Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

zone-h.org:
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3. Read more

zone-h.org:
Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2. Read more

zone-h.org:
GnomeVFS, libcdaudio: CDDB response overflow. Read more

 

News
news.com.com:
Google adds satellite images to maps. Read more

news.com.com:
Google queues up video. Read more

www.washingtonpost.com:
Can the Internet Have Borders? Read more

www.jpost.com:
Hacker cracks bank's computer code. Read more

www.denverpost.com:
Arrest made in breach of military website. Read more

www.nationmultimedia.com:
Secrets of the great hackers. Read more

www.thewhir.com:
Top Layer Defends DNS Cache Poisoning. Read more

09 April 2005

Guides, Papers, etc
www.peterszor.com:
EPOCalypse NOW!
"The volume of malicious code seems to be growing quicker than ever." Read more

www.astalavista.com:
OUTSMARTING PERSONAL FIREWALLS. Read more

www.astalavista.com:
Computer viruses: The threat today and the expected future. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
AN HTTP Server 'cmdIS.DLL' Buffer Overflow Lets Local Users Execute Arbitrary Code and Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FirstClass Bookmark Input Validation Flaw Lets Users Execute Existing Local Files. Read more

www.securitytracker.com:
SurgeFTP LEAK Command Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Macromedia ColdFusion MX Updater Discloses '.class' Files to Remote Users. Read more

www.securitytracker.com:
SGI IRIX gr_osview Lets Local Users Obtain Sensitive Information and Overwrite Arbitrary Files. Read more

 

News
www.theregister.co.uk:
Trojan leaps from bogus Windows Update site. Read more

news.zdnet.co.uk:
Hackers send flood of bogus Microsoft updates. Read more

www.theregister.co.uk:
Nine years in slammer for US spammer. Read more

www.theregister.co.uk:
DNS attacks attempt to mislead consumers. Read more

www.smh.com.au:
Software helps track child pornographers. Read more

news.zdnet.co.uk:
Microsoft issues DNS poisoning advisory. Read more

08 April 2005

SilentDoor is a connectionless, PCAP-based backdoor for Linux that uses packet sniffing to bypass netfilter.
It sniffs for UDP packets on port 53 and runs each packet against a decryption scheme; if the packet validates, it runs a command.
It can be masked to look like any other process. A remote command utility is included. Read more

 

Guides, Papers, etc
tracking-hackers.evilcoder.org:
The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks. Read more

www.networkcomputing.com:
Market Analysis: Storage Security. Read more

searchsecurity.techtarget.com:
Five steps for beating back the bots. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
PopUp Plus Miranda IM Plugin Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
CubeCart Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
sCssBoard Has a Cross-Site Scripting Flaw and Other Unspecified Vulnerabilities With Unspecified Impact. Read more

www.securitytracker.com:
Litecommerce Input Validation Bugs in 'cart.php' Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
FTP Now Discloses Passwords to Local Users. Read more

 

News
www.securityfocus.com:
DNS attacks attempt to mislead consumers. Read more

www.theregister.co.uk:
Dating site hack suspect arrested. Read more

news.zdnet.co.uk:
Security guru warns of cyberpolice shortage. Read more

news.zdnet.co.uk:
Russian hackers 'the best in the world'. Read more

www.theregister.co.uk:
US tops junk mail list of shame - again. Read more

www.theregister.co.uk:
Police hard drive sold on eBay. Read more

www.vnunet.com:
Firms ignore USB threat. Read more

news.zdnet.co.uk:
CA flaws opens users up to DoS attacks. Read more

www.eeproductcenter.com:
Security In The Palm of Your Hand. Read more

07 April 2005

Guides, Papers, etc
www.securityfocus.com:
Defeating Honeypots: System Issues, Part 2. Read more

www.csoonline.com:
Spy Versus Spy: Is Somebody Spying on You? Read more

www.cs.purdue.edu:
Worm Meets Beehive. Read more

www.eweek.com:
IT Admins Must 'Think Like Hackers'. Read more

www.pulltheplug.org:
Wargames. Vortex: By touring through the most common exploitable bugs, users of this wargame are expected to have gained mastery in the basic fundamentals of system exploitation. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Cisco IOS IKE Authentication Bugs Let Remote Users Bypass Xauth Authentication to Gain Access to Hosts and Resources. Read more

www.securitytracker.com:
DameWare Mini Remote Control Lets Remote Authenticated Users Gain Elevated Privileges. Read more

www.securitytracker.com:
HP OpenView Network Node Manager Has Unspecified Flaw That Lets Remote Users Deny Service. Read more

www.securitytracker.com:
FreeBSD AMD64 Hardware Access Bitmap Error Lets Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
Active Auction House Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
eTrust Intrusion Detection CPImportKey() Buffer Overflow Lets Remote Users Deny Service. Read more

www.securiteam.com:
Cyrus IMAP Server Preauthentification Overflow. Read more

 

News
news.zdnet.com:
Trojan horse takes down smart phones. Read more

www.vnunet.com:
New mobile malware wipes phones. Read more

www.theregister.co.uk:
Linus Torvalds defers closed source crunch. Read more

www.pcworld.com:
Web Postcards Hide Trojan Horse Programs. Read more

www.theregister.co.uk:
Hacker law change gets "elevator pitch" in parliament. Read more

www.theregister.co.uk:
Browser bugs sprout eternal. Read more

www.theregister.co.uk:
Ericsson hacker jailed for three years. Read more

www.iht.com:
Opening eyes to hackers. Read more

australianit.news.com.au:
Improved security for Messenger 7. Read more

www.theregister.co.uk:
Desktop Linux vs. Windows - don't get emotional. Read more

news.zdnet.com:
IT pros consider desktop Linux. Read more

www.vnunet.com:
IT managers ignore mobile security. Read more

searchsecurity.techtarget.com:
How 20% effort can get you 80% security. Read more

software.silicon.com:
SP2: Businesses slowly accepting Windows update. Read more

www.cbronline.com:
Microsoft confident on Windows XP SP2 despite user caution. Read more

06 April 2005

Guides, Papers, etc
www.microsoft.com:
Technical Overview of Windows Server 2003 Service Pack 1 (SP1). Read more

www.securityfocus.com:
Windows 2003 SP1. Read more

www.microsoft.com:
The Day After: Your First Response To A Security Breach. Read more

isc.sans.org:
March 2005 DNS Poisoning Summary. Read more

www.nhtcu.org:
HI-TECH CRIME
THE IMPACT ON UK BUSINESS 2005. (pdf) Read more

www.security.org.sg:
JSP Backdoor Reverse Shell Analysis. Read more

www.security.org.sg:
HTML files in Local Computer Zone.
Users are normally aware of the risk associated with opening unknown EXE, COM, SCR or PIF files that might contain Trojan horses.
However, users usually assume that HTML files will not cause any harm to their systems and are safe to open. In this report, we analyse a HTML file containing malicious VB script that extracts and executes a malicious EXE when opened in Local Computer Zone. Read more

www.whatthehack.org:
What The Hack is an outdoor hacker conference/event taking place on a large event-campground in the south of The Netherlands from 28 until 31 July 2005.
Read more

Datenbank Rootkits (English Language)

 

Tools:
www.security.org.sg:
Win2K/XP SDT Restore 0.2 (Proof-Of-Concept)
Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking.
This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT).
This allows kernel rootkits to hide files, processes, and to prevent process termination. This proof-of-concept tool demonstrates the possibility of defeating such rootkits by removing Kernel Native APIs hooks and restoring the SDT back to its original state. Read more

www.security.org.sg:
Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept).
Win32 Kernel Rootkits hide running processes from users using techniques like Kernel Native API Hooking, or by directly unlinking the process's EPROCESS entry from ActiveProcessLinks. Such techniques are very effective in hiding processes, and are very difficult to detect with user-mode tools. This proof-of-concept tool demonstrates how hidden processes can be detected by directly traversing both the Kernel's ActiveProcessList and the Kernel scheduler's ETHREAD lists.
This tool can also traverse the Kernel's PsLoadedModuleList to detect kernel modules/drivers that are hidden by hooking the ZwQuerySystemInformation native API. Read more

www.security.org.sg:
AntiHookExec Version 1.0 (Anti API Hooking Proof-Of-Concept).
API hooking is a useful technique that can be used to monitor API calls used by Win32 programs. This allows understanding of the programs' functionalities based on the APIs that are called and their input parameters. However, API hooking is also used by rootkits and other malicious code to modify the behaviour of certain APIs to hide files, network ports, processes or services. This proof-of-concept code demonstrates how to overcome some of the user space API hooking techniques to execute a specified EXE that is free from API hooks. This program has been tested to work against HackDefender Version 1.0 rootkit for Windows. Read more

www.security.org.sg:
Windows Key Logging and Counter-Measures. Read more

 

Vulnerabilities & Exploits
www.ngssoftware.com:
Sybase ASE Multiple Security Issues. Read more

www.securitytracker.com:
Remstats Lets Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Gaim Can Be Crashed By Remote Users Sending Invalid Jabber File Transfer Requests. Read more

www.securitytracker.com:
GetDataBack for NTFS Discloses License Key to Local Users. Read more

www.securitytracker.com:
Netscape Browser Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
phpMyAdmin Input Validation Bug in 'convcharset' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FreeBSD sendfile(2) Discloses Kernel Memory. Read more

www.securitytracker.com:
PayProCart Authentication Bug Grants Remote Users Administrative Access and Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Flaws in Search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SonicWALL SOHO/10 Firewall Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
ArGoSoft FTP Server Buffer Overflow Exploit (DELE). Read more

www.securiteam.com:
phpBB Calendar Pro catergory Parameter SQL Injection. Read more

www.securiteam.com:
Vulnerability in WINS Allow Remote Code Execution (Exploit, MS04-045). Read more

 

News
www.theregister.co.uk:
Google and Yahoo! accused of click fraud collusion. Read more

home.businesswire.com:
IMlogic Threat Center Reports Steady Rise in Targeted Attacks on Instant Messaging Networks in Q1 2005. Read more

www.theregister.co.uk:
In praise of Windows 2003 SP1. Read more

www.theregister.co.uk:
eCrime cost UK.biz £2.4bn in 2004. Read more

news.zdnet.co.uk:
HSBC deluged by viruses. Read more

www.detnews.com:
Experts fear wireless computer viruses. Read more

www.smh.com.au:
Virus attacks up 50% in 2004: study. Read more

www.newsfactor.com:
Mabir.A Phone Virus Uses Social Networking. Read more

www.theregister.co.uk:
Sybase invokes licence gag in flaw disclosure row. Read more

05 April 2005

Guides, Papers, etc
Datenbank Rootkits (German Language)

www.exploitx.com:
How to write remote exploits ( V. 1.1). Read more

www.exploitx.com:
The Art of Rootkits. Read more

 

Tools:
red-database-security.com:
Repscan is a repository integrity scanner for Oracle databases.
You can use repscan to find database rootkits. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MailEnable Unspecified Bugs in IMAP and SMTP Services Let Remote Users Deny Service. Read more

www.securitytracker.com:
Mozilla Browser Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
Mozilla Firefox Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
Comersus Input Validation Hole in 'username' Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Turnkey Websites Shopping Cart Input Validation Bugs Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
'Yet Another Forum.net' Input Validation Holes Permits Cross-Site Scripting Attacks. Read more

aluigi.altervista.org:
An introduction to the Fake players bug and DoS 0.1.1. Read more

class101.org:
BakBone NetVault Local Stack Buffer Overflow. (pdf) Read more

 

News
www.theregister.co.uk:
Join Microsoft. Save the world. Read more

news.com.com:
Mabir virus comes a-calling. Read more

www.cio-today.com:
Virus Writers Target Mobile Phones. Read more

www.pcauthority.com.au:
Hackers want cash, not fame. Read more

www.theregister.co.uk:
Text me and I'll reply with a virus. Read more

www.smh.com.au:
Phishing suspect nabbed in Estonia. Read more

www.theregister.co.uk:
Trojan phishing suspect hauled in. Read more

www.theregister.co.uk:
Hacking Google for fun and profit. Read more

www.exploitx.com:
Fraud over the net. Read more

news.zdnet.co.uk:
UK citizens confused by security terminology. Read more

04 April 2005

Guides, Papers, etc
www.detnews.com:
Hot spots for hackers: Wireless networks. Read more

nwc.securitypipeline.com:
7 Myths About Network Security. Read more

 

News
www.zdnet.com.au:
MSN Messenger spreads worm, not love. Read more

www.bizjournals.com:
Toward more secure ATMs. Read more

www.vnunet.com:
Financial spam booms as tax year ends. Read more

www.pcmag.com:
WordPress Under Fire for Search-Engine Spamming. Read more

www.zdnet.com.au:
PHP flaw threatens photo uploads. Read more

www.arnnet.com.au:
New bugs found in Outlook, Internet Explorer. Read more

www.bsudailynews.com:
Company helps military fight against hackers. Read more

03 April 2005

Guides, Papers, etc
www.computerworld.com:
Log-on type codes revealed. Read more

www.computerworld.com:
Tips on testifying in a computer crimes case. Read more

 

Tools:
AFX Rootkit 2005 by Aphex
This program patches Windows API to hide certain objects from being listed.
Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Keys & Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons

 

Vulnerabilities & Exploits
www.securitytracker.com:
SiteEnable Lets Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Linux ext2_make_empty() Discloses Information to Remote and Local Users. Read more

www.securitytracker.com:
bzip2 Race Condition Lets Local Users Modify Permissions of Certain Files. Read more

www.securitytracker.com:
AlstraSoft EPay Pro Include File and Input Validation Holes Let Remote Users Execute Commands and Conduct Cross-Site Scripting Attacks. Read more

 

News
nwc.systemsmanagementpipeline.com:
March's Bug Story: Old Worms and Phishing in the Office. Read more

www.computerworld.com:
DNS 'pharming' attacks target .com domain. Read more

news.zdnet.co.uk:
Police: New laws won't tackle cybercrime. Read more

news.zdnet.co.uk:
Official: Cybercrime is growing. Read more

02 April 2005

Guides, Papers, etc
www.theregister.co.uk:
Hardware is secure (false). Read more

Honeycomb. Creating Intrusion Detection Signatures Using Honeypots. Read more

www.honeyd.org:
Disabling Worms With Honeypots and Active Immunization. Read more

survey.mailfrontier.com:
MailFrontier Phishing IQ Test - UK Edition. Read more

hackaholic.org:
Hacking Unix Second Edition. Read more

 

Vulnerabilities & Exploits
www.hexview.com:
Microsoft Jet DB engine vulnerabilities. Read more

www.securitytracker.com:
NetVault Buffer Overflows Let Local and Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
IRC Services LISTLINKS Discloses Link Lists to Remote Users. Read more

www.securitytracker.com:
paBugs Lets Remote Authenticated Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
BlueSoleil Object Push Directory Traversal Flaw Lets Remote Users Send Files to Arbitrary Locations. Read more

www.securitytracker.com:
MX Kart Input Validation Holes in 'category', 'manufacturer', and 'pages' Modules Permit SQL Injection. Read more

www.securitytracker.com:
MX Shop 'id_ctg' Input Validation Hole Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
PHP Infinite Loops in getimagesize() Lets Users Deny Service. Read more

www.securitytracker.com:
MaxWebPortal Input Validation Holes in 'events_functions' and 'links_add_form' Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.frsirt.com:
PHP 4.x/5.x Denial of Service and Security Bypass Vulnerabilities. Read more

www.frsirt.com:
Linux Kernel Futex Functions Local Denial Of Service Vulnerability. Read more

www.debian.org:
DSA-703-1 krb5 -- buffer overflows. Read more

www.debian.org:
DSA-702-1 imagemagick -- several vulnerabilities. Read more

www.caughq.org:
Chat Service Users - "Oops! Wrong Window" Information Disclosure. Read more

 

News
www.securitypipeline.com:
CoolWebSearch, Dubbed Adware's "Ebola," Tops Spyware Threat List. Read more

www.pcworld.com:
New Bugs Found in Outlook, Internet Explorer. Read more

news.zdnet.co.uk:
Microsoft admits to flaw in Windows patch. Read more

www.securitypipeline.com:
Marketers Get Technology To Block User Attempts To Delete Cookies. Read more

www.theregister.co.uk:
MS takes rod to phishers. Read more

www.theregister.co.uk:
Lawsuits drive 'Spam King' Richter to bankruptcy. Read more

01 April 2005

Guides, Papers, etc
www.benedelman.org:
Threats Against Spyware Detectors, Removers, and Critics
Threats and demands that certain software providers have made to those who detect, remove, and otherwise write about their products. Read more

www.computerworld.com:
Five mistakes of log analysis. Read more

 

Tools:
hxdef.czweb.org:
Hacker defender seems to have released a new version of his rootkit (available for 'only' 390 euros).
Not (yet) detected by any of the popular rootkit detectors ... Read more

www.cr0.net:
CacheDump recovers cached domain logon credentials (usernames & password hashes). Read more

www.fiddlertool.com:
Fiddler is a HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Linux Kernel Deadlock Error in futex Functions Let Local Users Deny Service. Read more

www.securitytracker.com:
Samsung ADSL Router Discloses Files to Remote Users and May Grant Root Access Via Common Default Passwords. Read more

www.securitytracker.com:
ASP-DEv XM Forum Input Validation Errors in 'posts.asp' Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
OpenBSD tcp(4) Bugs in Processing SACK Options Let Remote Users Deny Service. Read more

www.securitytracker.com:
Mailreader enriched/richtext MIME Type Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cisco VPN 3000 SSL Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Kerio Personal Firewall Access Controls Can Be Bypassed Via Application Masquerading. Read more

www.securiteam.com:
mtFTPd Server Format String (Exploit). Read more

www.securiteam.com:
Cyrus IMAP IMAPMAGICPLUS Buffer Overflow (Exploit). Read more

 

News
news.com.com:
Bug hunter gets bounty from Mozilla. Read more

news.com.com:
Microsoft launches 117 anti-phishing suits. Read more

www.infoworld.com:
Microsoft expands Windows piracy check on downloads. Read more

www.zdnet.com.au:
Microsoft develops cybercrime-fighting tools. Read more

www.zdnet.com.au:
Brad Pitt virus targets Microsoft. Read more

www.securitypark.co.uk:
The demise of traditional perimeter defences. Read more

www.securitypark.co.uk:
Stranger Danger: The Threat from Social Engineering. Read more

www.vnunet.com:
'Old timers' fill March virus chart. Read more

www.vnunet.com:
Identity checks combat malware. Read more

www.vnunet.com:
CA to root out stray users. Read more

news.com.com:
Google enhances search for Firefox users. Read more


Copyright © MegaSecurity.org