Home    News Archive    Translate Traducen

News june 20004

30 june 2004 New Trojans: Netsys 2.0 Cab of Filth 1.2e English Ereet 2.0 (b) Tools: www.definitivesolutions.com: BHODemon is a free tool that will list all Browser Helper Objects that are installed on a Windows system by scanning the registry and give you the ability to disable them. This will also list "good" BHOs as well, but nevertheless is a useful tool in detecting and disabling malicious software. Read more Guides, Papers, etc isc.sans.org: New scam targets bank customers (pdf). Read more Vulnerabilities & Exploits www.securitytracker.com: HP Object Action Manager WebAdmin Flaw May Yield Access to Remote Users. Read more www.securitytracker.com: HP-UX ARPA Transport Unspecified Flaw Lets Local Users Deny Service. Read more www.securitytracker.com: Open WebMail Input Validation Flaw in 'vacation.pl' Lets Remote Users Execute Arbitrary Programs. Read more www.securitytracker.com: BEA WebLogic role-name Tag Error May Let Remote Users Access Applications. Read more www.securitytracker.com: D-Link DI-614+ DHCP LEASETIME Integer Overflow Lets Remote Users Deny Service. Read more www.securitytracker.com: MPlayer GUI TranslateFilename() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server. Read more www.securitytracker.com: D-Link DI-614+ Router Can Be Crashed With Certain DHCP Requests. Read more News: www.theregister.co.uk: CoolWebSearch is winning Trojan war. Read more www.detnews.com: Computer virus steals Online banking information. Read more acmqueue.com: Security bug? My programming language made me do it! Read more news.zdnet.co.uk: Microsoft proposes Sender ID to jam spam. Read more www.theregister.co.uk: Anti-phishing group backs email authentication. Read more news.zdnet.co.uk: Survey: Nearly all phishing from forged addresses. Read more news.zdnet.co.uk: VeriSign launches spam-blocking service. Read more news.netcraft.com: Hackers Manipulating Internet Explorer Add-Ons. Read more news.zdnet.co.uk: Gates promotes isolation. Read more www.crime-research.org: Last week's most famous Russian hacker. Read more www.theregister.co.uk: Playboy 'hacker' jailed for two years. Read more software.silicon.com: Leader: Stupidest 'hacker' ever revealed. Read more www.adn.com: JAMES DERK: Viruses, viruses everywhere. Read more

29 june 2004 New Trojans: Remote Process Monitor 1.0 Backdoor.Terminate Backdoor.VB.jq Guides, Papers, etc www.securityfocus.com: Packet Crafting for Firewall & IDS Audits (Part 1 of 2). Read more Vulnerabilities & Exploits www.guninski.com: DoS in apache httpd 2.0.49, yet still apache much better than windows. Read more www.securitytracker.com: csFAQ Discloses Installation Path to Remote Users. Read more www.securitytracker.com: PowerPortal Input Validation Flaws Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: CuteNews Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Cart32 Input Validation Error in 'GetLatestBuilds' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Infinity WEB Input Validation Error Lets Remote Users Inject SQL Commands. Read more www.securiteam.com: Artmedic Links File Inclusion Vulnerability. Read more News: www.theregister.co.uk: CERT recommends anything but IE. Read more www.securityfocus.com: Gates Defends Microsoft Patch Efforts. Read more www.theregister.co.uk: Internet Explorer. Quick, call security! Read more www.sundaytimes.co.za: Explorer reports �serious' security hole. Read more zdnet.com.com: Spyware-killers get going online. Read more www.crime-research.org: Authors of the last viruses are Russians. Read more www.demingheadlight.com: New email scam is circulating. Read more www.computerworld.com: VeriSign introduces e-mail, antiphishing services. Read more www.detnews.com: E-mail under attack. Read more www.theregister.co.uk: Beastie Boys claim no virus on crippled CD. Read more

28 june 2004 New Trojans: System33r Socks4 1.0 TEST Backdoor.Dewin.e Backdoor.Ierk.a Guides, Papers, etc www.imperva.com: How safe is it out there? Zeroing in on the vulnerabilities of application security. Read more www.imperva.com: Web Application Worms: Myth or Reality? Read more Vulnerabilities & Exploits www.securitytracker.com: HelpDesk PRO Input Validation Flaw Lets Remote Users Bypass Authentication Via SQL Command Injection. Read more News: australianit.news.com.au: Gates defends security record. Read more www.timesofoman.com: Hackers becoming more clever. Read more www.timesofoman.com: As the worm turns: Criminal gangs target computer users. Read more www.ciol.com/: Net virus steals financial data. Read more www.theage.com.au: Russian site spreading virus shut down. Read more www.venicegondolier.com: FDLE computer crime center warns of phishing scams. Read more www.vnunet.com: Microsoft tipped to buy security firm. Read more www.wired.com: Ethical Hacking Is No Oxymoron. Read more www.crime-research.org: "Reporters Without Borders": Free Internet in Ukraine. Read more

27 june 2004 New Trojans: Doctor 0.13 Keylog Spy Backdoor.Leon Guides, Papers, etc www.covertsystems.org: Analysis of the Exploitation Process by Covert Systems Research. (pdf) download www.corante.com: What Secrets DRM Encryption is Really Hiding. Read more conference.hackinthebox.org: HackInTheBox Security Conference 2004 Kuala Lumpur, Malaysia. Read more Vulnerabilities & Exploits www.securitytracker.com: strongSwan X.509 Validation Error Lets Remote Users Authenticated to Protected Networks. Read more www.securitytracker.com: Openswan X.509 Validation Error Lets Remote Users Authenticated to Protected Networks. Read more www.securitytracker.com: artmedic links Discloses Files to Remote Users. Read more www.securitytracker.com: Confixx Discloses '/root' Contents to Remote Authenticated Users. Read more www.securitytracker.com: FreeBSD execve() Unaligned Memory Parameter Lets Local Users Crash the System. Read more www.securitytracker.com: phpmyfamily Lets Remote Users Gain Edit Privileges. Read more www.securiteam.com: Rplr msg() Buffer Overflow (Exploit). Read more www.zone-h.org: ZH2004-13SA (security advisory): Sql Injection in Help Desk Pro 2.0. Read more News: www.detnews.com: Hackers try new ways to wiggle in their worms. Read more www.detnews.com: Computer viruses grow sicker. Read more www.crn.com: Experts Warn That 'Scob' Virus Could Lead To Keyboard Logging. Read more www.reuters.com: Ethical Hacking Is No Oxymoron. Read more www.eweek.com: Attack on IIS Web Sites Infects Browsers With Malicious Code. Read more www.eweek.com: DoS Attack May Tap Web Graphics Flaw. Read more

26 june 2004 New Trojans: .97mm 4.1b System33r Multi Webdownloader 1.4 Backdoor.Hackarmy.p Guides, Papers, etc www.oreillynet.com: Scanning for viruses with Knoppix. Read more www.itmanagersjournal.com: How to use cryptography in computer security. Read more download.microsoft.com: TechNet Webcast: 10 Things Hackers Don�t Want You To Know - Level 300. Read more Vulnerabilities & Exploits www.securitytracker.com: 'Dr.Cat' Daemon Buffer Overflows May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: giFT-FastTrack Null Pointer Dereference Lets Remote Users Crash the giFT Daemon. Read more www.securitytracker.com: GNATS Format String Flaw in 'misc.c' May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: ZWS Newsletter and Mailing List Manager Discloses User Passwords to Remote Users. Read more www.securitytracker.com: vBulletin Input Validation Flaws in 'newreply.php' and 'newthread.php' Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.debian.org: DSA-524-1 rlpr -- several vulnerabilities. Read more www.debian.org: DSA-523-1 www-sql -- buffer overflow. Read more News: www.theregister.co.uk: Watch out! Incoming mass hack attack. Read more www.hindustantimes.com: Spreading Web virus aimed at stealing financial data. Read more www.microsoft.com: Microsoft Statement Regarding Download.Ject Malicious Code Security Issue. Read more www.crime-research.org: US Congress against spyware. Read more www.eweek.com: Web Virus 'Scob' Recorded, Reported Keystrokes. Read more www.jsonline.com: 'Scob' virus spreads. Read more www.cnn.com: Trojan virus attacks popular Web sites. Read more news.zdnet.co.uk: Mainstream Web sites spreading back-door infections. Read more www.iht.com: How a worm got into cellphones. Read more www.theregister.co.uk: Russia fines text hack spammer. Read more www.theregister.co.uk: Man charged over Google blackmail attempt. Read more www.theregister.co.uk: Programming pioneer Bob Bemer dies at 84. Read more entmag.com: Growth of Phishing Attacks Slows. Read more www3.gartner.com: MasterCard Antifraud Initiative Has 'Phishing' Limitations. Read more news.zdnet.co.uk: Australia may permit 'personal' music copying. Read more

25 june 2004 New Trojans: Gadu Ghost 1.4 Decisive Downloader 1.0 Ccobra 1.0 client 2 Tools: URCS - Unmanarc Remote Control Server URCS 2.13 Current features: - Shell based control, Shell/Remote based installation - Reverse proxy system (Circumvent Firewalls, NAT/PAT) and keep-alive system protection - TCP redirection for bounce. (multiple and reverse pipes...) - Secure password interchange: (md5(md5(key)+random_seed)) - Installation over net, (Service, HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER) - Configuration over URL (Any configuration parameter can be obtained from a URL) - User-groups configurable based system - Scripting language - Server is linux compatible with wine Download Vulnerabilities & Exploits www.securiteam.com: Bypassing ZoneAlarm Pro 'Mobile Code'. Read more www.securiteam.com: Lotus Notes URI Handler Argument Injection Vulnerability. Read more www.securiteam.com: Linux Broadcom 5820 Cryptonet Driver Integer Overflow. Read more www.securiteam.com: Linux Kernel IEEE1394 (Firewire) Driver Integer Overflow Vulnerabilities. Read more www.securitytracker.com: BCM5820 Linux Driver Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: cplay Temporary Files May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Sun Solaris Basic Security Module 'ad' or 'as' Auditing Lets Local Users Crash the System. Read more News: news.zdnet.co.uk: Mainstream Web sites spreading backdoor infections. Read more www.eweek.com: Web Graphics Exploit Marching Across Internet. Read more www.globetechnology.com: U.S. warns of large-scale virus attack. Read more story.news.yahoo.com: Could Search Sites Spawn Worms? Read more www.chron.com: Online hacker attack prompts investigation. Read more www.theregister.co.uk: When spyware crosses the line. Read more www.crime-research.org: Spam again. Read more news.zdnet.co.uk: AOL worker 'sold email addresses to spammers'. Read more www.newsfactor.com: Microsoft Moves Toward Supercomputing. Read more

24 june 2004 New Trojans: PA HAC 1.5 NG [The Matrix] Destructor 2.0 Vulnerabilities & Exploits www.waraxe.us: Multiple security holes in PhpNuke - part 1. Read more www.securitytracker.com: PHP-Nuke Input Validation Holes in Jounal and Other Modules Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: ArbitroWeb Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Lotus Notes URL Handler Filtering Flaw Lets Remote Users Execute Arbitrary Scripting Code. Read more www.securitytracker.com: IEEE 1394 for Linux Has Integer Overflows That Let Local Users Crash the System. Read more www.securitytracker.com: ISC DHCP Hostname Options Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: BT Voyager 2000 Wireless ADSL Router Discloses Passwords Via SNMP. Read more News: www.theregister.co.uk: Beastie Boys CD installs virus. Read more www.securityfocus.com: Feds urge secrecy over network outages. Read more www.theregister.co.uk: Microsoft patents the body electric. Read more www.winnetmag.com: AOL Engineer Arrested; Charged Will Selling 92 Million Screen Names to Spammer. Read more www.siliconvalley.com: Microsoft to increase Hotmail storage, add virus protection. Read more www.theregister.co.uk: Spanish police smash �35m dialer scam. Read more www.theregister.co.uk: Hotmail bins email accounts on hearsay. Read more www.winnetmag.com: On the Net, Awareness = Safety. Read more zdnet.com.com: Network Associates denies sale rumors. Read more www.investors.com: Network Associates closes up on Microsoft bid talk. Read more www.theregister.co.uk: RIAA sues 482 more unnamed file-sharers. Read more www.chron.com: Cell phone virus a faker. Read more www.newsfactor.com: Analyst: What Happened to Akamai Could Happen to You. Read more www.theregister.co.uk: Penis pill peddler stiffs AOL spam insider. Read more www.overclockersclub.com: Hotmail Storage Upgraded to 250MB. Read more

23 june 2004 New Trojans: Fear 0.2.0 Backdoor.Unwind Gadu Ghost 1.3 ProRat password Cracker Guides, Papers, etc HOWTO bypass Internet Censorship. Read more Vulnerabilities & Exploits www.securitytracker.com: D-Link Router Input Validation Flaw in DHCP HOSTNAME Lets Remote Users Inject Scripting. Read more www.securitytracker.com: rssh Command Argument Expansion Error Discloses Information to Remote Authenticated Users. Read more www.securitytracker.com: SqWebMail Input Validation Bug in print_header_uc() Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: GNU RADIUS Server Can Be Crashed By Remote Users With Specially Crafted SNMP Packets. Read more www.securitytracker.com: nCipher netHSM Discloses Passphrases to Local and Remote Users. Read more www.securitytracker.com: Sun StorEdge Enterprise Storage Manager Lets Local ESMUsers Gain Root Access. Read more www.securitytracker.com: ZoneAlarm Pro Mobile Code Blocking Can Be Bypassed With SSL Connections. Read more www.securitytracker.com: aMSN Discloses Password Hashes to Local Users. Read more www.securitytracker.com: osTicket Attachments Directory Permissions Let Remote Users View or Execute Certain Files on the System. Read more www.securitytracker.com: Usermin Input Validation Hole in E-mail Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securiteam.com: Snitz Forum 2000 Cross Site Scripting In User Registration Form. Read more www.securiteam.com: BT Voyager 2000 Wireless ADSL Router Password Disclosure. Read more www.securiteam.com: DLink-614+ Script Injection Through DHCP HOSTNAME Option. Read more www.securiteam.com: GNU Radius SNMP DoS (Invalid OID). Read more www.securiteam.com: Sqwebmail Cross Site Scripting. Read more www.securiteam.com: Remote File Inclusion in Pivotlog (module_db_xml.php). Read more www.securiteam.com: Ircd-Hybrid-7 / Ircd-Ratbox Low-Bandwidth DoS. Read more News: www.crime-research.org: Al Qaida websites blocked. Read more www.theinquirer.net: Chinese hackers renew attack on Taiwan democrats. Read more zdnet.com.com: Critical flaw found in game software. Read more reviews-zdnet.com.com: Who's crashing your favorite Web sites? Read more www.geek.com: Microsoft says it's prepared to handle mobile viruses. Read more www.chron.com: Four providers join in effort to stop problem before it arrives. Read more news.zdnet.co.uk: MasterCard fights back against phishing. Read more

22 june 2004 New Trojans: Reload 0.39 Cab of Filth 1.2g Iroffer 1.3b02 (1303.i) Guides, Papers, etc www.wtvw.com: Phishing Scam: Protection Tips. Read more www.securityfocus.com: Securing Apache 2: Step-by-Step. Read more Vulnerabilities & Exploits www.securitytracker.com: Linksys BEFSR41 Lets Remote Users Deny Administrative Access. Read more www.securitytracker.com: NETGEAR FVS318 Router Lets Remote Users Deny Administrative Access. Read more www.securitytracker.com: Microsoft MN-500 Wireless Base Station Lets Remote Users Deny Administrative Access. Read more www.securitytracker.com: ASP-Rider Lets Remote Users Gain Administrative Access. Read more www.securitytracker.com: Libpng 'pngrtran' Offset Buffer Overflow May Let Remote Users Deny Service or Execute Code Via Affected Applications. Read more www.securitytracker.com: rlpr Format String and Buffer Overflow Let Remote Users Execute Arbitrary Code and Local Users Gain Root Privileges. Read more www.securiteam.com: Linux Kernel Crash Due To Floating Point Exception (frstor) Exploit Code. Read more www.securiteam.com: Web Wiz Forums Registration Rules XSS Vulnerability. Read more www.securiteam.com: Checkpoint Firewall-1 IKE Vendor ID Information Leakage. Read more www.securiteam.com: Symantec Enterprise Firewall DNSD Cache Poisoning Vulnerability. Read more www.securiteam.com: Code Execution In The Unreal Engine Through \secure\ Packet. Read more News: www.theregister.co.uk: China urges ISPs to sign 'self-disciplinary' pact. Read more www.crime-research.org: Internet crimes in Armenia. Read more news.zdnet.co.uk: Outlook's security compromised by spammers. Read more www.microscope.co.uk: Mobile worm could be just the start, users told. Read more www.theage.com.au: Microsoft security flaw moderate this month. Read more strategiy.com: MasterCard conference to combat fraud. Read more news.zdnet.co.uk: Stealth wallpaper shields WLANs. Read more

21 june 2004 New Trojans: Evil Net Stealth WebDownloader 1.1 Chloride 2.3 client RAT Cracker 1.4.0 Vulnerabilities & Exploits www.securitytracker.com: WWW-SQL Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: DNS One Appliance Input Validation Holes in DHCP Reporting Lets Remote Users Inject Scripting. Read more www.securitytracker.com: Super Format String Errors May Let Local Users Grab Root Privileges. Read more www.securitytracker.com: sup Logging Function Format String Errors May Let Remote Users Execute Arbitrary Code. Read more News: www.theregister.co.uk: US moves towards anti-spyware law. Read more times.hankooki.com: Peep Trojan Hackers Send E-Mail Via China. Read more www.theinquirer.net: South Korean defence hacked. Read more www.usatoday.com: The network strikes back: Experts worry about tech retaliation. Read more www.crime-research.org: Phishing spreading. Read more www.businessweek.com: Nothing's foolproof, but early-warning antivirus systems are getting better jumps on mischief makers. Read more nwc.securitypipeline.com: IM Worms Could Spread In Seconds. Read more www.theinquirer.net: Cure for mobile virus found. Read more

20 june 2004 New Trojans: Sneaker RAT Cracker 2.0 SoftWAR ShadowThief (b) server Vulnerabilities & Exploits www.geocities.com: Multiple Antivirus Scanners DoS attack. Read more www.debian.org: DSA-522-1 super -- format string vulnerability. Read more www.debian.org: DSA-521-1 sup -- format string vulnerability. Read more www.debian.org: DSA-520-1 krb5 -- buffer overflows. Read more www.securitytracker.com: Extreme Networks Switch BGP Protocol Error Lets Remote Users Deny Service. Read more www.securitytracker.com: Unreal Game Engine Has Buffer Overflow in 'Secure' Query That May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux Kernel Flaws in Several Drivers May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Sun Kerberos Security Patch May Disclose Kerberos Client Passwords to Local Users. Read more www.securitytracker.com: HP-UX Xfs Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Opera Web Browser CSS IFrame Lets Remote Users Spoof the Address Bar. Read more www.securitytracker.com: Novell iChain Input Validation Bug in 'url' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: SGDynamo Discloses Installation Path to Remote Users. Read more News: news.com.com: From Cisco, self-defense weapons for networks. Read more www.idahostatesman.com: Beware of ID theft by Social Security scam. Read more www.antiphishing.org: Anti-Phishing Working Group. Read more

19 june 2004 New Trojans: Backdoor.Winker.m YTrojan Moon Trojan Vulnerabilities & Exploits www.securitytracker.com: FreeIPS TCP Reset Error Lets Remote Users Deny Service. Read more www.securitytracker.com: Snitz Forums 2000 Input Validation Flaw in 'register.asp' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.debian.org: DSA-520-1 krb5 -- buffer overflows. Read more News: www.securityfocus.com: Time to Dump Internet Explorer. Read more www.winonadailynews.com: Experts Worry About Tech Retaliation. Read more www.informationweek.com: Symantec Warns That IM Worms Could Devastate Business. Read more www.usatoday.com: San Jose firm unwillingly hosts footage of kidnapped American. Read more www.techweb.com: Security Vendor Launches Phishing Index. Read more www.crime-research.org: Police nabs a scammer. Read more www.virusbtn.com: Sasser author jobseeking. Read more www.informationweek.com: Anti-Phishing Group Aims To Restore Trust. Read more

18 june 2004 New Trojans: FuckBot (a) Backdoor.Shext Snatch 1.47 Vulnerabilities & Exploits www.securitytracker.com: phpMyChat Grants Administrative Access to Remote Users and Has Other Flaws. Read more www.securitytracker.com: Linux Kernel Integer Overflow in i2c Driver Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: webAuction Lets Remote Users Delete Auction Items. Read more www.securitytracker.com: Singapore Discloses Encrypted Passwords to Remote Users. Read more www.securiteam.com: Cisco IOS Malformed BGP Packet Causes DoS. Read more www.securiteam.com: ignitionServer Server Linking Password Verification Vulnerability. Read more www.securiteam.com: "IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability. Read more www.securiteam.com: IBM acpRunner ActiveX Dangerous Methods Vulnerability. Read more www.securiteam.com: NetBSD Kernel swapctl(2) DoS Vulnerability. Read more www.securiteam.com: MoinMoin Administrative Group Name Privilege Escalation Vulnerability. Read more www.securiteam.com: Linux Kernel i2c Integer Overflow Vulnerability. Read more www.securiteam.com: Pivot Remote Code Execution Vulnerability. Read more www.securiteam.com: Singapore MD5 Administrative Password Disclosure. Read more News: www.taipeitimes.com: Beijing wages cyberwar against DPP headquarters. Read more www.entmag.com: Paid Microsoft Anti-Virus Subscription Service in the Works? Read more www.computerworld.com": Q&A: Tom Leighton, chief scientist at Akamai. Read more www.theregister.co.uk: 'Spam King' Richter get legal roasting. Read more www.integralis.co.uk: Security Advisory - WLAN Hotspot Piracy through Identity Theft. Read more www.securityfocus.com: Feds, Private Groups to Educate Consumers About Phishing Scams. Read more www.networkcomputing.com: End Buffer-Manipulation Exploit Threats. Read more www.crime-research.org: Piracy increases. Read more

17 june 2004 New Trojans: Backdoor.Loony.h Snatch 1.45 YU War Troyan Iroffer 1.3b02 (1303.f) Iroffer 1.3b02 (1303.g) Guides, Papers, etc TOORCON 2004 CALL FOR PAPERS - issued June 14th 2004. Read more Vulnerabilities & Exploits www.securitytracker.com: Check Point FireWall-1 IPSec IKE Packets Disclose Identifying Vendor and Version Information to Remote Users. Read more www.securitytracker.com: Webmin Account Lockout Can Be Bypassed By Remote Users. Read more www.securitytracker.com: Usermin Account Lockout Can Be Bypassed By Remote Users. Read more www.securitytracker.com: Cisco IOS Can Be Crashed With Malformed BGP Packet. Read more www.securitytracker.com: Linux Kernel FPU Processing Error Lets Local Users Crash the System. Read more www.securitytracker.com: Symantec Enterprise Firewall DNSD Proxy Can Be Poisoned By Remote Users. Read more www.securitytracker.com: IBM acpRunner ActiveX Control Has Unsafe Methods That Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: IBM eGatherer ActiveX Control Has Unsafe Methods That Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Web Wiz Forums 'registration_rules.asp' Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securiteam.com: WinAgents TFTP Server Remote DoS (Long Filename). Read more www.securiteam.com: VP-ASP Shopping Cart Multiple Vulnerabilities. Read more www.securiteam.com: Multiple Antivirus DoS During Processing of Malformed Compressed Archives. Read more www.securiteam.com: PHP-Nuke Multiple Vulnerabilities (Reviews/Encyclopedia/FAQ Modules). Read more News: news.zdnet.co.uk: Attack downs Yahoo, Google and Microsoft. Read more zdnet.com.com: 'Zombie' PCs caused Web outage, Akamai says. Read more news.zdnet.co.uk: Worm cuts off antivirus programs. Read more www.vnunet.com: One in three PCs hosts spyware or Trojans. Read more www.theregister.co.uk: Americans lost $2.4bn to net fraudsters in 2003. Read more www.crn.com: Informant In `Sasser' Worm Case Under Investigation, German Prosecutors Say. Read more www.crime-research.org: Russian hackers attacked Akamai servers. Read more news.zdnet.co.uk: Antivirus plans 'still under development' - Microsoft. Read more www.theregister.co.uk: Spammer prosecutions waste time and money. Read more www.theregister.co.uk: Feds reject anti-spam registry. Read more news.zdnet.co.uk: 'Concept virus' little threat to smartphones. Read more www.nwfusion.com: Wardriving for WLAN security. Read more

16 june 2004 New Trojans: Snatch 1.37 Snatch 1.38 Evilsocks 0.2 Guides, Papers, etc www.schneier.com: Honeypots and the Honeynet Project. Read more www.schneier.com: E-Mail Viruses, Worms, and Trojan Horses. Read more Vulnerabilities & Exploits www.debian.org: DSA-519-1 cvs -- several vulnerabilities. Read more www.debian.org: DSA-518-1 kdelibs -- unsanitised input. Read more www.securitytracker.com: Thy Web Server Can Be Crashed By Remote Users. Read more www.securitytracker.com: KAME Racoon May Validate Invalid Certificates. Read more www.securitytracker.com: Pivot Include File Hole in 'module_db.php' Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: BEA WebLogic Server May Return an Unexpected User Identity to Certain RMI Requests. Read more www.securitytracker.com: BEA WebLogic Running SSL Can Be Crashed By Remote Users. Read more www.securitytracker.com: Microsoft Internet Explorer Crashes When Saving Files With Special Character Strings. Read more News: Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732). Read more Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability Could Allow Code Execution (828028). Read more www.theregister.co.uk: Zafi-b speaks in many tongues. Read more www.theregister.co.uk: Virus attacks mobiles via Bluetooth. Read more www.theregister.co.uk: Akamai goes postal, kills Microsoft, Symantec, Google, Apple, Lycos...Read more www.theregister.co.uk: Viruses and spam hit small firms harder. Read more www.crime-research.org: Hackers hacked...a printing-house. Read more zdnet.com.com: Microsoft: No antivirus product yet. Read more

15 june 2004 New Trojans: AmiBoide Uploader 2.0.0 SennaSpy FTP (d) Snatch 1.3 Guides, Papers, etc www.securityfocus.com: TCP/IP Skills for Security Analysts (Part 2). Read more www.securityfocus.com: Wireless Attacks and Penetration Testing (part 2 of 3). Read more www.microsoft.com: Tracking and Fighting Spam: A Primer for Postmasters. Read more Vulnerabilities & Exploits alive.znep.com: IE Cookie Exploit #2. Read more www.securitytracker.com: Skype Error in Processing 'callto://' URLs Lets Remote Users Crash the Application. Read more www.securitytracker.com: Linksys Video Camera Input Validation Hole Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: VICE Emulator Memory Dump Command Format String Flaw Lets Local Users Execute Arbitrary Code. Read more www.securitytracker.com: VP-ASP Input Validation Holes in 'shopdisplayproducts' and 'shoperror' Scripts Permit SQL Injection and Cross-Site Scripting Attacks. Read more www.securiteam.com: Exploit Code for Firebird Database Remote Database Name Overflow. Read more www.securiteam.com: Yahoo's Visual Captchas a.k.a. Word Verification Systems Flawed. Read more www.securiteam.com: VICE Emulator Format String Vulnerability. Read more www.securiteam.com: Sygate Personal Firewall Pro May Be Disabled By Local Programs. Read more www.securiteam.com: Race Driver Security Issues and DoS. Read more www.securiteam.com: RealPlayer embd3260.dll Error Response Heap Overflow. Read more www.securiteam.com: Real Networks RealPlayer URL Parsing Buffer Overflow Vulnerability. Read more www.securiteam.com: Aspell 'word-list-compress' Stack Overflow Vulnerability. Read more www.securiteam.com: Chora CVS/SVN Viewer Remote Vulnerability. Read more News: www.infoworld.com: Russian firm reports first mobile phone worm. Read more www.smh.com.au: Worm Zafi.b reaches dangerous levels. Read more www.theregister.co.uk: Chinese cyber-dissident gets four years' house arrest. Read more www.crime-research.org: A hacker or a musician? Read more news.com.com: Microsoft releases security-minded Windows code. Read more

14 june 2004 New Trojans: Harvester 2003 (mail) 09 (c) Stealth Password Sender 1.3 Caznova IRC Spy 2.5 Guides, Papers, etc Vulnerabilities & Exploits www.securitytracker.com: Chora Input Validation Error in Diff Viewing Lets Remote Users Inject Shell Commands. Read more www.securitytracker.com: Microsoft Internet Explorer '%2F' URL Parsing Error Lets Remote Users Spoof Sites in the Trusted Zone. Read more www.securitytracker.com: Opera '%2F' URL Parsing Error Lets Remote Users Spoof Arbitrary URLs. Read more www.securitytracker.com: Sygate Personal Firewall PRO Fail-Safe Feature Can Be Bypassed By Local Users. Read more News: news.bbc.co.uk: Microsoft races to deter hackers. Read more www.news-journalonline.com: Wi-fi's popularity spawns huge security hole at home. Read more www.globeandmail.com: Techie alert: Even you can be hacked. Read more www.crime-research.org: Scammers earn on leaving examinations. Read more www.hindustantimes.com: The Virus Story Continues. Read more english.chosun.com: AhnLab Warns of Another Worm Virus. Read more times.hankooki.com: Zafi Worm Warned. Read more

13 june 2004 New Trojans: A+++ System33r Socks4 0.0.2 Guides, Papers, etc Vulnerabilities & Exploits subversion.tigris.org: Subversion versions up to and including 1.0.4 have a potential Denial of Service and Heap Overflow issue related to the parsing of strings in the 'svn://' family of access protocols. Read more News: Citibank Phishing Alert: http://[email protected]/www/ct/verify.html www.theregister.co.uk: NTL builds bigger worm trap. Read more news.zdnet.co.uk: 'Set-up is vital' for WLAN security. Read more news.zdnet.co.uk: Microsoft sues spammers for deceiving consumers. Read more news.zdnet.co.uk: IE flaws open back door to adware. Read more

12 june 2004 New Trojans: MSN Messenger Hack 1.0.2 v2 Fuck MSN Troyan 2.0 Winicabras 1.1 Guides, Papers, etc Is finding security holes a good idea? (pdf)  Read more Vulnerabilities & Exploits www.securitytracker.com: (US-CERT Issues Advisory) Microsoft Internet Explorer Cross-Domain Redirect Hole Lets Remote Users Execute Arbitrary Code. Read more www.nextgenss.com: EAL One Player code execution through malformed media file. Read more service.real.com: RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. Read more www.securitytracker.com: PHP-Nuke Input Validation Holes in Reviews, Encyclopedia, and Faq Modules Permit Cross-Site Scripting and Other Attacks. Read more www.securitytracker.com: NetBSD swapctl(2) Integer Error Lets Local Users Crash the System. Read more www.securitytracker.com: Subversion Buffer Overflow in 'svn://' Parser Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users. Read more News: www.newsfactor.com: Who's Getting Rich on Computer Viruses? Read more www.securityfocus.com: Backdoor program gets backdoored. (published on MegaSecurity on 27 may 2004)Read more www.theregister.co.uk: Computer intrusion losses waning. Read more www.theregister.co.uk: MS sues 200 for spamming. Read more www.theregister.co.uk: Code-theft suspects nabbed, claims Half-Life 2 team. Read more www.theregister.co.uk: German hate mail spam attack stuns experts. Read more

11 june 2004 New Trojans: Spyman Backdoor.VB.oc icebot Vulnerabilities & Exploits www.guninski.com: Buffer overflow in apache mod_proxy,yet still apache much better than windows. Read more service.real.com: RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. Read more www.securitytracker.com: ksymoops on Mandrake Linux Lets Local Users Cause Files to Be Deleted. Read more www.securitytracker.com: WinAgents TFTP Server Can Be Crashed By Remote Users Requesting Long Filenames. Read more www.securitytracker.com: Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: smtp.proxy Format String Bug Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes. Read more www.securitytracker.com: Invision Power Board Input Validation Bug in 'ssi.php' Permits SQL Injection. Read more www.securitytracker.com: AspDotNetStorefront Input Validation Hole in Uploading Image Files Lets Remote Authenticated Administrators Upload and Execute Arbitrary Code. Read more www.securitytracker.com: TrendMicro OfficeScan 'winhlp32.exe' Lets Local Users Execute Arbitrary Applications With Local SYSTEM Privileges. Read more www.securitytracker.com: Symantec Gateway Security 360R May Let Remote Wireless Users Bypass the Security Access Controls. Read more www.securitytracker.com: Cisco CatOS Can Be Crashed By Remote Users With a TCP-ACK Attack. Read more www.securiteam.com: CVS Multiple Vulnerabilities (getline, serve_notify, serve_max_dotdot, wrapper, error_prog_name). Read more www.securiteam.com: Crystal Reports Web Viewer Vulnerability Allows Information Disclosure and DoS (MS04-017). Read more www.debian.org: DSA-517-1 cvs -- buffer overflow. Reada more 0xbadc0ded.org: remotely exploitable format string vulnerability exists in smtp.proxy. Read more News: www.theregister.co.uk: Unpatched IE vuln exploited by adware. Read more news.zdnet.co.uk: IE flaws open back door to adware. Read more nwc.serverpipeline.com: Korgo Worm Threat Grows. Read more www.crime-research.org: Computer crimes: DDoS ordered. Read more news.zdnet.co.uk: Open-source code maintainer filled with flaws. Read more

10 june 2004 New Trojans: PA HAC 1.5 Pro Beta Cobra Uploader 1.0 Caznova IRC Spy 1.3 Guides, Papers, etc www.securityfocus.com: TCP/IP Skills for Security Analysts (Part 2). Read more homepages.cwi.nl: Analyzing Worms using Compression. Read more Vulnerabilities & Exploits www.securitytracker.com: CVS Has NULL Termination, Integer Overflow, and Double Free Bugs That Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: HP-UX FTP Client Pipe Character Input Validation Flaw Lets Remote Server Execute Arbitrary Commands. Read more www.securitytracker.com: GNU Aspell Buffer Overflow in 'word-list-compress' May Let Users Execute Arbitary Code. Read more www.securitytracker.com: Squid ntlm_check_auth() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: US Robotics Broadband Router Discloses Administrative Password to Remote Users. Read more www.securitytracker.com: Race Driver Game Can Be Crashed By Remote Users. Read more www.securitytracker.com: Sophster 'Change Permissions' May Let Local Users Access Files. Read more www.securiteam.com: Cross Application Scripting in Trend Micro's Antivirus Software (Subject Line). Read more www.securiteam.com: Vulnerability in DirectPlay Could Allow DoS (MS04-016). Read more www.securiteam.com: PHP Win32 escapeshellcmd() and escapeshellarg() Input Validation Vulnerability. Read more www.securiteam.com: PHP-Nuke Inadequate Security Give Rise to a Variety of Attack Methods. Read more www.securiteam.com: Most Long Filename Buffer Overflow. Read more www.securiteam.com: cPanel mod_php suexec Taint Vulnerability. Read more www.cisco.com: Cisco Security Advisory: Cisco CatOS Telnet, HTTP and SSH Vulnerability. Read more News: www.theregister.co.uk: MS hatches June patch batch. Read more www.crime-research.org: Korgo is written by Russian hackers. Read more www.theregister.co.uk: The Wi-Fi explosion: a virus writer's dream. Read more australianit.news.com.au: 'Counterstrike software' for hackers. Read more www.theregister.co.uk: Police to monitor chat rooms. Read more www.theregister.co.uk: German fined �8000 for Kazaa uploads. Read more

09 june 2004 New Trojans: MSN Messenger Hack 1.0.2 S-D Iroffer 1.3b02 (1303.k) Tools: vthrottle: SMTP virus throttle basically the software keeps track of what hosts and what senders have been sending mail. if they attempt to send mail from one machine or using one address more than once in a specified interval we back them off by sending a temporary failure. Read more Guides, Papers, etc www.sun.com: How Hackers Do It: Tricks, Tools, and Techniques. (pdf) Read more Vulnerabilities & Exploits www.securitytracker.com: Blosxom Input Validation Holes in 'writeback' Plugin Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft DirectX DirectPlay Input Validation Error Lets Remote Users Crash the Application. Read more www.securitytracker.com: Horde IMP Input Validation Hole in Content-Type Header Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Linksys Video Camera Discloses Host Files to Remote Users. Read more www.securitytracker.com: Webmin Discloses Module Configuration Data to Remote Authenticated Users. Read more www.securitytracker.com: PHP-Nuke Input Validation Hole in Reviews Module 'id' and 'title' Parameter Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Trend Micro PC-cillin Internet Security Input Validation Flaw Lets Remote Users Spoof Messages. Read more www.securitytracker.com: JCIFS Authentication Flaw May Let Remote Users Access the System With an Invalid Username. Read more www.securitytracker.com: Gnocatan Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Roundup '@@file' Input Validation Error Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Apple Mac OS X LaunchServices Component May Let Remote Users Register and Execute Applications. Read more www.securitytracker.com: Apple Safari Browser May Execute Applications Via the Show in Finder Button. Read more www.securitytracker.com: FreeBSD Kernel jail(2) Lets Local Privileged Processes Modify the Routing Tables. Read more www.securitytracker.com: cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code. Read more News: www.microsoft.com: Windows Security Update for June 2004. Read more news.zdnet.co.uk: Microsoft issues another two patches. Read more www.nwfusion.com: Microsoft warns of gaming security hole; issues monthly updates. Read more news.zdnet.co.uk: Another Trojan on the attack. Read more www.smh.com.au: Several Trojan copies detected. Read more www.theregister.co.uk: EU attacks anti-spam industry. Read more www.theregister.co.uk: Cisco picks Trend to fight network worms. Read more

08 june 2004 New Trojans: RemNet 3.6 Backdoor.VB.ej Backdoor.Winker.g Guides, Papers, etc An analysis of the 180 Solutions Trojan. Read more Vulnerabilities & Exploits www.securitytracker.com: PHP escapeshellarg() and escapeshellcmd() Parsing Flaws May Let Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: odbc-postgresql Buffer Overflow in make_string() Lets Remote Users Deny Service. Read more www.securitytracker.com: Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities. Read more News: www.ecommercetimes.com: Experts See Sharp Rise in Malware Attack Probability. Read more www.theregister.co.uk: Virus writers deploy bulk mail software. Read more www.smh.com.au: New worm exploting Sasser route. Read more www.nwfusion.com: Trend Micro, Cisco to fight worms. Read more www.theregister.co.uk: US wardriver pleads guilty to Wi-Fi hacks. Read more www.theregister.co.uk: Network Associates warms to behaviour blocking. Read more news.zdnet.co.uk: Linux gains virus armour. Read more news.zdnet.co.uk: Linksys flaw opens door to home networks. Read more

07 june 2004 New Trojans: Intruder (e) Fake Aim 1.0 LokiTech 1.0 Guides, Papers, etc A generic threat analysis for an Internet enabled organisation by Ed Skoudis, Chris Brenton, Jason Fossen, Mike Poor and Jim Herbeck. This paper is a summary of the threats that an organisation faces when they start to use the WWW and a description of the methods used by hackers to enact these threats. This paper has value as it describes in logical plain English the stages involved in hacking and what can be done to counter the threat.(PDF) Download www.securiteam.com: Security Enhancements in Windows XP Service Pack 2. Read more www.securiteam.com: An Analysis of the 180 Solutions Trojan. Read more Vulnerabilities & Exploits www.k-otik.com: TCP Connection Reset Remote Windows 2K/XP Attack Tool Source Code by Aphex. Read more www.debian.org: DSA-516-1 postgresql -- buffer overflow. Read more www.debian.org: DSA-515-1 lha -- several vulnerabilities. Read more www.securiteam.com: Mkdir Buffer Overflow Vulnerability in UNIX Seventh Edition. Read more www.securiteam.com: Phishing for Opera. Read more www.securiteam.com: Colin McRae Rally DoS. Read more www.securiteam.com: Cross Application Scripting in Trend Micro's Antivirus Software. Read more News: Phishing alert for US Bank. Read mor reviews-zdnet.com.com: Beware of keystroke-logging RATs! Read more www.newsfactor.com: Korgo Worm Spreads Slowly But Surely. Read more slashdot.org: Distributive Worm Blocking. Read more

06 june 2004 New Trojans: Transistor 1.3 Remote Screenshot System33r Socks4 0.0.3 Vulnerabilities & Exploits www.securitytracker.com: l2tpd Buffer Overflow in write_packet() Has Unspecified Impact. Read more www.securitytracker.com: FoolProof Security May Disclose 'Administrator' Password to Local User. Read more www.securitytracker.com: Oracle E-Business Suite and Oracle Applications Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: Colin McRae Rally 04 'numplayers' Error Lets Remote Users Block the Game Network. Read more www.securitytracker.com: cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators. Read more www.securitytracker.com: Crafy Syntax Live Help Input Validation Holes Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: RealPlayer Has Unspecified Remote Code Execution Flaw. Read more www.gentoo.org: tripwire: Format string vulnerability. Read more News: seattletimes.nwsource.com: Anti-spyware programs sleuth in different ways. Read more www.computerworld.com: New worm targets two Microsoft vulnerabilities. Read more www.computerworld.com: The Witty worm: A new chapter in malware. Read more

05 june 2004 New Trojans: IRC Zombie 1.0 Caznova IRC Spy 1.1 Backdoor.Levelone.a Vulnerabilities & Exploits www.debian.org: DSA-514-1 kernel-image-sparc-2.2 -- failing function and TLB flush. Read more www.securitytracker.com: Eudora Internet Mail Server Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Trend Micro PC-cillin Internet Security May Let Remote Users Execute Scripts in the Local Computer Zone. Read more www.securitytracker.com: log2mail printlog() Format String Bug May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: NETGEAR WG602 Has Default Undocumented Administrative Account. Read more www.securitytracker.com: Mail Manage EX 'mmex.php' Include File Error Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: UnRAR 'getopt.c' Format String Error May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: UNIX 7th Edition mkdir Buffer Overflow Lets Local Users Gain Root Privileges. Read more www.securitytracker.com: Linksys Routers Can Be Crashed With Specially Crafted sysPasswd and sysPasswdConfirm or DomainName Values. Read more www.securitytracker.com: InterBase Buffer Overflow in Processing Database Name Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: IBM Tivoli Configuration Manager Cookie Authentication Weakness May Let Remote Users Hijack Sessions. Read more www.securitytracker.com: Tivoli SecureWay Policy Director Cookie Authentication Weakness May Let Remote Users Hijack Sessions. Read more www.securitytracker.com: IBM WebSphere Everyplace Server Cookie Authentication Weakness May Let Remote Users Hijack Sessions. Read more www.securitytracker.com: IBM Tivoli Access Manager Cookie Authentication Weakness May Let Remote Users Hijack Sessions. Read more www.securitytracker.com: Yahoo! Mail Encoded White Space Entity Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Opera Browser Shortcut Icon May Cover URL Addresses. Read more www.securitytracker.com: Tripwire 'pipedmailmessage.cpp' Format String Flaw May Let Local Users Execute Arbitrary Code. Read more www.securiteam.com: Orenosv HTTP/FTP Server Denial Of Service. Read more www.securiteam.com: Mollensoft FTP Server CD Buffer Overflow. Read mopre www.securiteam.com: WildTangent Web Driver Long Filename Stack Overflow. Read more News: www.theregister.co.uk: Zombie PCs spew out 80% of spam. Read more news.zdnet.co.uk: Security time bomb is triggered by 'rogue laptops'. Read more news.zdnet.co.uk: Hotmail trashes saved files. Read more www.channelnewsasia.com: Netsky-P computer worm threatens to cast nasty spell on Harry Potter fans. Read more news.zdnet.co.uk: 'Prisoner of Azkaban' stokes worm infections. Read more www.crime-research.org: Terrorists relocate to the Internet. Read more zdnet.com.com: Zombies may spoil Microsoft's spam plan. Reda more www.informationweek.com: Worm Attack Could Rack Up $50 Billion In U.S. Damages. Read more www.antiphishing.org: e-gold - 'Please Verify Your Account'. Read more www.securityfocus.com: Wardriver pleads guilty in Lowes WiFi hacks. Read more

04 june 2004 New Trojans: Amiboide Uploader 1.0 Waldo Beta 0.7 (b) Backdoor.Hackarmy.o Guides, Papers, etc www.securityfocus.com: Wireless Attacks and Penetration Testing (part 1 of 3). Read more www.securityfocus.com: Multiple Security Roles With Unix/Linux. Read more Vulnerabilities & Exploits www.greymagic.com: Simple Yahoo! Mail Cross-Site Scripting. Read more www.greymagic.com: Phishing for Opera. Read more www.debian.org: DSA-513-1 log2mail -- format string. Read more www.debian.org: DSA-512-1 gallery -- unauthenticated access. Read more www.securitytracker.com: SurgeMail Input Validation Hole in Login Form Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: PHP Shared Libraries on Slackware Linux May Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Gallery 'init.php' Authentication Flaw Grants Administrative Access. Read more www.securiteam.com: Metamail Buffer Overflow Exploit (From Header). Read more www.securiteam.com: Tripwire Format String Vulnerability. Read more News: www.theregister.co.uk: Mutant son of MyDoom plans three-pronged attack. Read more www.thecouriermail.news.com.au: New virus targeting bank accounts. Read more www.theregister.co.uk: Security cert body gives lesson in insecurity. Read more www.thesandiegochannel.com: Worm Cloaks Itself As Potter Game To Spread. Read more www.thecouriermail.news.com.au: Sasser-like worm in the wild. Read more zdnet.com.com: Tests to uproot Windows passwords begin. Read more zdnet.com.com: Are developers stealing code? Read more www.theregister.co.uk: Opera snips phishing lines. Read more www.theregister.co.uk: Korgo raises zombie PC army. Read more www.crime-research.org: Ukraine: carders. Read more

03 june 2004 New Trojans: PA HAC 1.3 2004 Snow 3.9 CN Polyserver 1.0 Guides, Papers, etc www.securityfocus.com: H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation. Read more www.securityfocus.com Multiple Security Roles With Unix/Linux. Read more Vulnerabilities & Exploits www.securitytracker.com: Nuke Cops Security Check Can By Bypassed Letting Remote Users Determine Installation Path. Read more www.securitytracker.com: osc2nuke Security Check Can By Bypassed Letting Remote Users Determine Installation Path. Read more www.securiteam.com: Linksys WRT54G Administration Page Accessible Through WAN. Read more www.securiteam.com: VocalTec VoIP Gateway (vtg120, vtg480) DoS. Read more www.securiteam.com: TinyWeb Script Disclosure Vulnerability. Read more www.securiteam.com: Multiple SQL Injections in JPortal (print.php). Read more www.securiteam.com: Krb5_aname_to_localname Buffer Overflows. Read more www.debian.org: DSA-512-1 gallery -- unauthenticated access. Read more News: www.securityfocus.com: Catching a Virus Writer. Read more www.smh.com.au: Korgo worm takes phishing to new level. Read more www.theregister.co.uk: Attack of the bandwidth-hogging hackers. Read more www.philly.com: Personal Computing | Spam? Hacker? Faulty backup is the worst. Read more itvibe.com: Netsky-P virus still causing problems. Read more

02 june 2004 New Trojans: Cruel Intentionz 1.23 PB1 Glacier XX [JzNKooO] Nethief 5.6 Vulnerabilities & Exploits www.securitytracker.com: Linksys BEFSR41 EtherFast Router Lets Remote Users Access the Administration Page Even When Remote Administration is Disabled. Read more www.securitytracker.com: Kerberos Buffer Overflows in krb5_aname_to_localname() May Let Remote Users Gain Root Access. Read more www.securitytracker.com: PHP-Nuke Security Check Can By Bypassed Letting Remote Users Determine Installation Path. Read more www.securitytracker.com: Firebird Database Can Be Crashed By Remote Users With Specially Crafted Database Name. Read more www.securitytracker.com: Sambar Server 'showini.asp' and 'showlog.asp' Disclose Files to Remote Authenticated Administrators. Read more www.securitytracker.com: Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login. Read more www.securitytracker.com: PHP-Nuke 'mainfile.php' Lets Local Users Execute Arbitrary SQL Queries. Read more www.securitytracker.com: Linksys WRT54G Lets Remote Users Access the Administration Page Even When Remote Administration is Disabled. Read more News: news.netcraft.com: Phishing Worm Installs Trojan Without Trickery. Read more www.tmcnet.com: Spam Trojans a Growing Problem for ISPs. Read more www.theregister.co.uk: Viruses up - or down. Read more news.zdnet.co.uk: Hackers 'recycling code' to spread worms. Read more news.zdnet.co.uk: Sasser tops virus infections. Read more www.crime-research.org: Computer crime targets banks. Read more www.theregister.co.uk: Chinese government censors online games. Read more www.theregister.co.uk: New self-destructing DVD launched. Read more

01 june 2004 New Trojans: chti WebDL (2) HellDoor 1.0 Caznova IRC Spy 1.2 Latinus 1.5 editserver 2 Vulnerabilities & Exploits www.rs-labs.com: SquirrelMail "Content-Type" XSS vulnerability. Read more www.waraxe.us: Multiple vulnerabilities in e107 version 0.615. Read more www.securitytracker.com: TinyWeb Lets Remote Users Download CGI Scripts. Read more www.securitytracker.com: spamGuard Multiple Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: jftpgw Format String Flaw in log() May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: GATOS xatitv Privileged System() Call May Let Local Users Gain Root Privileges. Read more News: www.newswireless.net: News - Symmetrical irony as Sasser virus lays Computex exhibition low. Read more www.crime-research.org: 2003 CSI/FBI Computer Crime and Security Survey. Read more www.crime-research.org: Police closing in on net phishers. Read more www.smh.com.au: When encryption can be misleading. Read more www.wired.com: Complex Passwords Foil Hacks. Read more www.baltimoresun.com: Many Wireless Networks Lack Security. Read more www.theage.com.au: Storms that come from nowhere. Read more

Copyright� MegaSecurity.org