Home    News Archive    Translate Traducen

News June 2005

30 June 2005 Guides, Papers, etc www.benedelman.org: What Passes for "Consent" at 180solutions. Read more www.gartner.com: More Port 445 Activity Could Mean Security Trouble. Read more www.microsoft.com: Bring Spyware Out of the Shadows. Read more lufgi4.informatik.rwth-aachen.de: RWTH hosts international contest on IT-Security. Read more www.niscc.gov.uk: Current Advice. Mitigating the risk of Malicious Software. Read more www.zone-h.org: Zone-H comics - Network Conspiracy. Read more www.astalavista.com: Internet in China: Big Mama is Watching You. Read more   Vulnerabilities & Exploits www.idefense.com: Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability. Read more www.cisco.com: Cisco Security Advisory: RADIUS Authentication Bypass. Read more securitytracker.com: Microsoft Internet Explorer 'javaprxy.dll' COM Object Exception Handling Lets Remote Users Crash the Browser. Read more securitytracker.com: XML-RPC for PHP Lets Remote Users Execute Arbitrary PHP Code. Read more securitytracker.com: Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests. Read more securitytracker.com: Blue Coat ProxySG TCP Stack PAWS Timestamp Implementation Lets Remote Users Deny Service. Read more securitytracker.com: Pavsta Auto Site 'user_check.php' Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: phpBB Flaw in 'viewtopic.php' Highlighting Code May Let Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Adobe Reader/Adobe Acrobat Updater May Let Local Users Gain Elevated Privileges. Read more   News www.globetechnology.com: Hacker cracks Google software. Read more www.vnunet.com: Co-operating with the internet police. Read more www.securitypipeline.com: Worm Claims Worm Writer Nabbed. Read more www.vnunet.com: Hackers unleash industrial spy Trojan. Read more www.asahi.com/: Government to restrict harmful Web sites. Read more www.crn.com: Computer Associates Discloses Weakness. Read more www.infoworld.com: CA restates results, identifies weak financial controls. Read more www.infoworld.com: As support fades, Microsoft offers Win2000 update. Read more www.informationweek.com: Survey Finds Up To 44 Million In U.S. May Be Victims Of ID Crime. Read more www.techweb.com: Microsoft Shrinks Updates. Read more software.silicon.com: Leader: Share your malware knowledge. Read more ww.messagingpipeline.com: FBI Probes Phishing of EBay in Norway. Read more www.infoworld.com: Trial for German Sasser writer begins next Tuesday. Read more www.infoworld.com: Yahoo intros 'social' search engine. Read more www.infoworld.com: Microsoft releases Windows XP Starter for Latin America. Read more www.terra.net.lb: Bill Gates warns Japanese, US children losing out in brain drain. Read more www.iol.co.za: MS unveils Gaelic support packs for WindowsXP. Read more www.iol.co.za: Court accepts music-downloading lawsuits. Read more www.iol.co.za: Data theft dents online sales. Read more

. 29 June 2005 Guides, Papers, etc www.eweek.com: Return of the Anti-Zombies. Read more www.securityfocus.com: Open-source projects get free checkup by automated tools. Read more   Tools: www.microsoft.com: Microsoft Shared Computer Toolkit for Windows XP (Beta). Read more   Vulnerabilities & Exploits securitytracker.com Adobe Reader/Acrobat Lets Remote Users Execute Arbitrary Applications. Read more securitytracker.com Sun Solaris 'ld.so' LD_AUDIT Validation Error Lets Local Users Gain Elevated Privileges. Read more securitytracker.com Community Server Input Validation Hole in Search Permits Cross-Site Scripting Attacks. Read more securitytracker.com Crazy Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com AMBrowser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com GOSURF Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com NotJustBrowsing Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com Acoo Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com ASP Nuke Input Validation Holes Permit SQL Injection, HTTP Response Splitting, and Cross-Site Scripting Attacks. Read more securitytracker.com ASPPlayground.NET Lets Remote Users Upload Arbitrary Files. Read more securitytracker.com Mensajeitor Input Validation Error in 'ip' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com PHP-Nuke Input Validation Hole in Offsite Avatar Image Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com JCDex Lite Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com Linux Kernel ptrace() Function Lets Local Users Modify Kernel Memory. Read more securitytracker.com Linux Kernel AMD64 Unspecified Flaw Lets Local Users Deny Service. Read more securitytracker.com Linux Kernel AMD64 syscall() Validation Flaw Lets Local Users Deny Service. Read more securitytracker.com Linux Kernel AMD64 ptrace() Non-canonical Address Error Lets Local Users Deny Service. Read more securitytracker.com IA eMailServer IMAP LIST Command Validation Flaw Lets Remote Users Deny Service. Read more securitytracker.com Mozilla Firefox Error in Processing Empty Javascript Functions Lets Remote Users Deny Service. Read more   News www.globetechnology.com: UConn finds hacking program on server. Read more www.eweek.com: UConn Finds Rootkit in Hacked Server. Read more software.silicon.com: Virus warning: Bite the Bagle and become a zombie. Read more www.vnunet.com: Pope worm turns nasty. Read more www.theregister.co.uk: NASA hacker jailed. Read more news.bbc.co.uk: Phishing pair jailed for ID fraud. Read more www.theregister.co.uk: �6.5m phishing duo jailed. Read more www.pocket-lint.co.uk: Email Virus pretends to be Breaking News. Read more www.thestreet.com: McAfee Hacks Into Success. Read more www.capetimes.co.za: 'Super-virus could harness network's power'. Read more techdirt.com: Massive UK Child Porn Bust Based On Wrong Info From US Officials. Read more news.bbc.co.uk: 100 million go online in China. Read more news.bbc.co.uk: Software piracy 'seen as normal'. Read more

. 28 June 2005 Guides, Papers, etc www.microsoft.com: Study Shows Windows Beats Linux on Security. Read more www.securityfocus.com: Where's the threat? Read more nwc.networkingpipeline.com: When Good Security Goes Bad. Read more www.astalavista.com: Attacking DDoS at the Source. Read more Browser Identification for web applications by Shreeraj Shah. Read more   Tools: NERO utilizes state-of-the-art academic artificial intelligence research in order to demonstrate its effectiveness in a game environment. The game uses AI to allow simulated robotic agents to cope with changing environments and situations, and form adaptive tactical solutions. The end result is a game that adapts itself to the strategies desired by the player, while still allowing the AI-controlled entities to operate as autonomous agents. NERO introduces a new genre of video game that is only possible with machine learning technology: The player takes the role of trainer and teaches a team of novice soldiers the skills for battle. When sufficient skills have been acquired, players can take their teams to battle mode where their skills are tested against teams trained by other players. Read more www.onlamp.com: Knoppix 4.0 DVD - Like a Kid in a Candy Store. Read more   Vulnerabilities & Exploits www.secnap.com: Vulnerability in DELL Windows XP Professional - default hidden Administrator account allows local Administrator access. Read more securitytracker.com: Sukru Alatas's Guestbook Discloses Database to Remote Users. Read more securitytracker.com: CSV_DB Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Optimal Desktop Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Wichio Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Fast Browser Pro Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: MyInternet Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more www.securiteam.com: ASPNuke SQL Injection Vulnerability (Exploit). Read more www.securiteam.com: Stream/raped DoS. Read more www.securiteam.com: TCP-IP Datalook DoS Vulnerability (Exploit). Read more www.securiteam.com: Cacti Remote Code Execution Vulnerability (Exploit). Read more www.securiteam.com: Veritas Backup Exec Agent Buffer Overflow (Exploit, CONNECT_CLIENT_AUTH). Read more www.securiteam.com: Microsoft Outlook Express NNTP Buffer Overflow (Exploit, MS05-030). Read more www.securiteam.com: Windows SMB Client Transaction Response Handling (Exploit, MS05-011). Read more   News today.reuters.com: Microsoft strengthens ties with Japan universities. Read more www.tinysoftware.com: CA Acquires Tiny Software. Read more go.reuters.com: Computer Assoc. considering name change for fresh start. Read more www.computerworld.com: Targeted attacks pose new security challenge. Read more www.computerworld.com: Supreme Court: File-trading networks can be held liable. Read more www.theregister.co.uk: Indian call centre security breach: man admits guilt. Read more news.zdnet.com: Adware maker tries image makeover. Read more

. 27 June 2005 Guides, Papers, etc www.nthworld.org: On the Virulence of Malware. Read more   Vulnerabilities & Exploits securitytracker.com: TCP-IP Datalook Lets Local Users Deny Servic. Read more www.milw0rm.com: ASPNuke 0.80 and below (article.asp) SQL Injection Exploit. Read more www.cyber-army.org: Guestbook v3 Password Database Vulnerability. Read more www.cyber-army.org: PHP-Nuke Avatar HTML Injection. Read more www.neowin.net: Fresh Javascript Browser Exploit. Read more   News software.silicon.com: Hackers spread Microsoft attack flaw exploit. Read more www.vnunet.com: Security holes haunt Real Player. Read more www.informationweek.com: The Going Gets Hot. Read more software.silicon.com: Microsoft: No plans to patch IE spoof. Read more nwc.securitypipeline.com: The Two Sides Of Network-Security Devices. Read more nwc.securitypipeline.com: Symantec: Exploit Out For Outlook Express Vulnerability. Read more www.infoworld.com: Hotmail takes a tougher stance on spam. Read more www.bizjournals.com: Grand Bank taps technology to fight check fraud. Read more www.informationweek.com: University Of Connecticut Discovers Server Breach. Read more news.com.com: Sex sites win reprieve from new federal rules. Read more

. 26 June 2005 Guides, Papers, etc www.dozleng.com: Does your antispyware's real-time protection work? Read more www.eweek.com: Wireless Access: The Next Great Municipal Crisis. Read more www.informationweek.com: How To Ensure Remote-Control Security With XP. Read more Active Honeypots. read more   Vulnerabilities & Exploits www.frsirt.com: Microsoft Server Message Block (SMB) Remote Exploit (MS05-011). Read more   News www.cyber-army.org: Indian cracks Microsoft's anti-piracy program Read more informationweek.com: Hacker Boot Camp Helps Good Guys Outsmart Internet Troublemakers. Read more www.computerweekly.com: Banks urged to check up on offshore security. Read more www.eweek.com: Drive-By Download Sites Chauffeur Spyware. Read more www.islandpacket.com: UConn finds hacking program in server. Read more www.ftc.gov: FTC Halts Operation�s Bogus �Anti-Spyware� Claims, Freezes Assets. Read more www.eweek.com: Spyware Danger Meets Rootkit Stealth. Read more www.islandpacket.com: Little agreement on spyware guidelines. Read more www.eweek.com: Symantec Begins Cutting Ties to 'Researchware'. Read more www.eweek.com: The Many Faces of Spyware. Read more informationweek.com: Microsoft Again Updates AntiSpyware Beta. Read more informationweek.com: Phishing Costs Nearly $1 Billion. Read more www.islandpacket.com: Library internet access better than ever. Read more

. 25 June 2005 Guides, Papers, etc blogs.msdn.com: Why you shouldn't run as admin...Read more www.eweek.com: 'Least Privilege' Can Be the Best. Read more www.eweek.com: Users Overlook XP's Non-Admin Security. Read more www.insecuremagazine.com: IN)SECURE Magazine is a freely available digital security magazine. Isssue 2. Read more Automated Worm Fingerprinting. Read more   Vulnerabilities & Exploits secunia.com: Multiple Browsers Dialog Origin Vulnerability Test. Read more securitytracker.com: Omni Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: UBBThreads Multiple Input Validation Holes Permit Cross-Site Scripting, SQL Injection, and HTTP Response Splitting Attacks. Read more securitytracker.com: clamav-milter Lets Remote Users Deny Service. Read more securitytracker.com: RealPlayer Enterprise MP3, RAM, RealText and AVI Processing Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: SGI IRIX arrayd Authentication Flaw May Grant Remote Users Root Access. Read more securitytracker.com: Affinity Path Input Validation Error in 'support_page.cgi' Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Linux Kernel IA64 Architecture restore_sigcontext() Access Control Bug May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Linux Kernel Subthread Exec Signal Processing Bug Lets Local Users Deny Service. Read more   News news.com.com: An army of soulless 1s and 0s. Read more www.cio-today.com: Microsoft Raises Limits on Intellectual-Property Protection. Read more www.reuters.com: Man who hacked US gov't computers gets prison term. Read more seattletimes.nwsource.com: Updated Windows fixed "DSO exploit". Read more news.zdnet.com: Hackers probe Outlook Express flaw. Read more software.silicon.com: Worm outbreak feared after port scanning spike. Read more news.com.com: EarthLink puts up more spyware, phishing shields. Read more www.vnunet.com: Top websites shun Firefox users. Read more www.vnunet.com: Nuclear secrets go global on the web. Read more www.techworld.com: Microsoft forces Sender ID on Hotmail users. Read more news.com.com: States fiddle while defrauders steal. Read more www.siliconvalley.com: Iran tightens Net control, researchers say. Read more www.servihoo.com: US firm says Iran 'illegally' uses Internet filter software. Read more hosted.ap.org: Major Advertisers Caught in Spyware Net. Read more hosted.ap.org: Future Windows Will Include RSS Support. Read more

. 24 June 2005 Guides, Papers, etc www.eweek.com: Wireless Access: The Next Great Municipal Crisis. Read more www.cs.rpi.edu: A Reputation-based System for the Quarantine of Widespread Malicious Behavior. Read more www.ifpi.org: THE RECORDING INDUSTRY 2005 COMMERCIAL PIRACY REPORT. Read more systm.org: Building a War Spying Box. Read more   Vulnerabilities & Exploits www.eeye.com: RealPlayer vidplin.dll AVI Processing Heap Overflow. Read more securitytracker.com: Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry. Read more securitytracker.com: Whois.Cart Input Validation Holes Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Ipswitch WhatsUp Professional Input Validation Hole in 'login.asp' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Advanced Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Asterisk Buffer Overflow in Manager Interface Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securiteam.com: phpBB Multiple User Registeration DoS (Exploit). Read more www.securiteam.com: MercuryBoard SQL Injection (User-Agent). Read more www.securiteam.com: Simple Machine Forum SQL Injection (modify). Read more www.securiteam.com: FRB Remote Command Execution (Exploit). Read more www.psphacker.com: KXploit Released! (NO MORE SWAPPING!). Read more   News www.theregister.co.uk: Microsoft rolls out SP1 blocker for shy Windows 2003 servers. Read more news.zdnet.com: IE pop-up spoof won't get patch. Read more www.pcworld.idg.com.au: Browser alternatives are no security guarantee. Read more news.bbc.co.uk: Websites alienate Firefox users. Read more www.zdnet.com.au: Mass worm attack could be imminent. Read more www.terra.net.lb: Data breaches dent consumer confidence in Internet. Read more www.theregister.co.uk: World is safe from mobile viruses for a few more years. Read more news.zdnet.co.uk: Internet marketeer faces spam charges. Read more www.vnunet.com: Phishing threatens online confidence. Read more www.vnunet.com: Police need e-crime skills. Read more

. 23 June 2005 Guides, Papers, etc www.microsoft.com: The Security Monitoring and Attack Detection Planning Guide. Read more www.microsoft.com: The Administrator Accounts Security Planning Guide. Read more   Vulnerabilities & Exploits securitytracker.com: HP Version Control Repository Manager May Disclose Proxy Password to Local Users. Read more securitytracker.com: Slim Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: NetCaptor Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Avant Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: MercuryBoard Input Validation Hole in HTTP User-Agent Permits SQL Injection. Read more securitytracker.com: i-Gallery Input Validation Hole in 'folderview.asp' Discloses Files to Remote Users and Permits Cross-Site Scripting Attacks. Read more www.securiteam.com: PeerCast Remote Format String (Exploit). Read more   News www.securityfocus.com: Targeted Trojan-horse attacks hitting U.S., worldwide. Read more www.theregister.co.uk: Internal security attacks affecting banks. Read more www.vnunet.com: Internal hackers pose the greatest threat. Read more news.com.com: Details emerge on credit card breach. Read more www.theregister.co.uk: Firefox users turned away from 10% of top UK sites. Read more www.terra.net.lb: Hacker plays havoc with Nicolas Cage's e-mail address. Read more www.terra.net.lb: Spain arrests web code-cracker "P. Power". Read more www.terra.net.lb: US firm says Iran 'illegally' uses Internet filter software. Read more www.theregister.co.uk: MS axes Unix anti-virus sales after bagging Sybari. Read more www.computerworld.com.au: Yankee Group warns of security software vulnerabilities. Read more crn.com: Linux Called 'Garbage' By Open-Source Rival. Read more news.zdnet.co.uk: Pop-up phishing flaw found in major browsers. Read more www.theregister.co.uk: Compensation for pyramid scheme victims. Read more news.zdnet.co.uk: Experts warn on opportunistic malware avalanche. Read more

. 22 June 2005 Guides, Papers, etc www.secinf.net: Instant Messenger Security: Securing Against the Threat of Instant Messengers. Read more books.slashdot.org: The Art of Computer Virus Research and Defense. Read more   Vulnerabilities & Exploits wordpress path disclosure by rgod. Read more securitytracker.com: Microsoft Internet Explorer Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Opera Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Apple Safari Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: iCab Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Mozilla Camino Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Mozilla Firefox Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Mozilla Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more securitytracker.com: Ruby XMLRPC Security Control Flaw May Let Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Cacti Input Validation Holes Let Remote Users Inject SQL Commands and Execute Arbitrary Commands. Read more securitytracker.com: Novell NetMail for Linux Access Permissions May Let Local Users Modify the Binaries. Read more securitytracker.com: Enterasys Vertical Horizon Common Default Password Grants Access to Remote Users. Read more securitytracker.com: paFAQ Flaws Let Remote Users Download the Database, Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code. Read more securitytracker.com: Novell GroupWise Client Discloses Password to Local Users. Read more   News news.zdnet.co.uk: Hacking scandal blamed on broken rules. Read more www.computerweekly.com: Patch and patch again to beat new wave of Trojans, says government. Read more www.theregister.co.uk: Unauthorised research opened door to MasterCard breach. Read more www.detnews.com: Theft from card processor indicates hackers' increasing power. Read more www.smh.com.au: NAB first to be aware of fraud: Costello. Read more australianit.news.com.au: Hackers thinking small. Read more www.vnunet.com: Adobe falls through XML flaw. Read more www.theregister.co.uk: Microsoft sues German spammer. Read more www.theinquirer.net: Mobile worms are sluggish to arrive. Read more www.vnunet.com: Users pose greatest security risk. Read more www.star-techcentral.com: Slamming door on porn opens others. Read more techdirt.com: It's Not Censorship As Long As We Don't Call It Censorship. Read more www.theregister.co.uk: Scientists see women's brains switch off during sex. Read more news.zdnet.co.uk: Chess grandmaster to battle supercomputer. Read more

. 21 June 2005 Guides, Papers, etc program.whatthehack.org: What The Hack is an outdoor hacker conference/event taking place on a large event-campground in the south of The Netherlands from 28 until 31 July 2005. Read more www.pcworld.com: Slaying Spam-Spewing Zombie PCs. Read more www.uniras.gov.uk: Targeted Trojan Email Attacks. Read more www.astalavista.com: Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware. Read more   Tools: www.nta-monitor.com: Fingerprinting Tool Identifiies VPN Servers. Read more   Vulnerabilities & Exploits www.exploitx.com: Google Exploit Queries Thread. Read more securitytracker.com Cisco VPN 3000 Lets Remote Users Determine Valid Groupnames. Read more securitytracker.com Ublog Reload Input Validation Holes in 'index.asp' Permit SQL Injection and in 'trackback.asp' Permit Cross-Site Scripting Attacks. Read more securitytracker.com Heimdal telnetd Buffer Overflow in getterminaltype() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Trac Input Validation Hole Lets Remote Users Upload Arbitrary Files. Read more securitytracker.com Fortibus CMS Input Validation Flaws Let Remote Users Injection SQL Commands. Read more securitytracker.com Sudo Race Condition in Processing Command Pathnames Lets Local Users Execute Arbitrary Commands. Read more securitytracker.com Contelligent Preview Mechanism Lets Remote Authenticated Users Gain Elevated Privileges. Read more securitytracker.com Opera XMLHttpRequest Access Controls Can By Bypassed By Remote Users. Read more securitytracker.com Opera 'javascript:' URL Access Control Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks and Access Files on a Target User's System. Read more securitytracker.com RealVNC Null Sessions Disclose System Information to Remote Users. Read more www.securiteam.com: Claroline E-Learning Application Remote SQL Injection (Exploit 2). Read more   News www.theregister.co.uk: MasterCard hack spawns phishing attack. Read more www.zdnet.com.au: Credit card scam highlights need for security: Coonan. Read more www.techworld.com: Security software a bigger risk than products it protects. Read more www.informationweek.com: Hackers Finding Flaws In Security Software. Read more www.vnunet.com: Foreign spooks target UK techies. Read more www.thepost.ie: O2 warns Bluetooth users over virus risk. Read more www.vnunet.com: Smart software creates 'thinking' computers. Read more

. 20 June 2005 Guides, Papers, etc www.eweek.com: Botnet Hunters Search for 'Command and Control' Servers. Read more www.exploitx.com: Page Hijack: The 302 Exploit, Redirects and Google. Read more   Vulnerabilities & Exploits www.securiteam.com: Claroline E-Learning Application Remote SQL Injection. Read more www.exploitx.com: Page Hijack: The 302 Exploit, Redirects and Google. Read more   News www.theregister.co.uk: MasterCard fingers partner in 40m card security breach. Read more www.computerworld.com.au: Microsoft: Online security needs global cooperation. Read more www.informationweek.com: Big, Bad Threats. RSS and Firefox will be next victims of adware deluge, Webroot's threat-research director says. Read more ww.computerworld.com.au: Trojan e-mails suggest trend toward targeted attacks. Read more www.hardwarezone.com: Hackers Run Unauthorized Programs on PSP. Read more www.vnunet.com: Viruses don cunning disguises. Read more

. 19 June 2005 Vulnerabilities & Exploits securitytracker.com: Sun ONE Messaging Server Lets Remote Users Execute Arbitrary Code on a Target Webmail User's System. Read more securitytracker.com: JBoss Input Validation Hole May Disclose Installation Path and Configuration File to Remote Users. Read more securitytracker.com: Yaws Web Server Discloses Script Source Code to Remote Users. Read more   News www.newsfactor.com: Fresh Warning over Rise in Mobile Viruses. Read more www.technewsworld.com: British Security Officials Warn of Targeted Cyber-Attacks. Read more www.wftv.com: Investigation Shows Big Business Funding Sex Chat Rooms. Read more news.bbc.co.uk: How Skype and Kazaa changed the net. Read more

. 18 June 2005 Guides, Papers, etc www.sharp-ideas.net: Pod slurping. Security Risks of iPods. Read more www.spectrum.ieee.org: How to Hook Worms. Read more www.infosecwriters.com: Stealing passwords via browser refresh. Read more An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied by Bill Cheswick. Read more   Vulnerabilities & Exploits securitytracker.com: Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Mambo 'com_contents' Input Validation Hole in 'user_rating' Parameter Permits SQL Injection. Read more securitytracker.com: CoolCafe 'login.asp' Input Validation Hole Permits SQL Injection. Read more securitytracker.com: Ultimate PHP Board Input Validatioh Holes in Multiple Scripts Allow Cross-Site Scripting Attacks. Read more securitytracker.com: SpamAssassin Bug in Processing Long Message Headers Lets Remote Users Deny Service. Read more   News www.securityfocus.com: MasterCard warns of massive credit-card breach. Read more www.chron.com: Millions of credit cards at risk of fraud. Read more www.washingtonpost.com: Security Breach Could Expose 40M to Fraud. Read more www.theregister.co.uk: UK trojan siege has been running over a year. Read more cyber.law.harvard.edu: Screenshots of Censorship in China. Read more news.zdnet.com: Microsoft asks for help from hackers. Read more www.theregister.co.uk: Adware makers exploit BitTorrent. Read more news.zdnet.com: Netscape sends out another patch. Read more www.computerworld.com: GAO says U.S. agencies unprepared to fight cyberthreats. Read more www.emarketer.com: The High Cost of Security. Read more

17 June 2005 Guides, Papers, etc www.eweek.com: Are Biometrics the Answer to the Password Problem? Read more Computer Viruses: The Threat Today and The Expected Future by Xin Li, 2003-09-29. Read more   Vulnerabilities & Exploits securitytracker.com: Sun Solaris lpadmin Lets Local Users Overwrite Arbitrary Files. Read more securitytracker.com: SquirrelMail Input Validation Holes in Multiple Scripts Permit Cross-Site Scripting Attacks. Read more securitytracker.com: ATutor Input Validation Bugs in Several Scripts Permit Cross-Site Scripting Attacks. Read more securitytracker.com: mcGallery Input Validation Holes Let Remote Users View Files and Determine the Installation Path. Read more securitytracker.com: socialMPN Input Validation Holes Permit SQL Injection Attacks. Read more securitytracker.com: Adobe Acrobat XML External Entity Error Lets Remote Users Determine File Existence. Read more securitytracker.com: Perl File::Path.pm rmtree() Race Condition May Let Local Users Create Privileged Binaries. Read more securitytracker.com: OpenBSD IPSec getsockopt() Bug Lets Local Users Deny Service. Read more   News news.zdnet.com: Your ISP as Net watchdog. Read more news.com.com: Microsoft meets the hackers. Read more www.securityfocus.com: Phishers look to net small fry. Read more www.msnbc.msn.com/: British government hit by e-mail attack. Read more www.theregister.co.uk: UK under cyber blitz. Read more news.com.com: Asian Trojans attacking U.K., agency warns. Read more www.detnews.com: British agency warns of Asian e-mail hacker attacks on vital networks. Read more www.globetechnology.com: Hackers hit Canadian credit bureau. Read more www.theregister.com: Enter Avalanche: P2P filesharing from Microsoft. Read more news.zdnet.com: Spyware and adware hide in BitTorrent downloads. Read more www.antisource.com: Private Message From Ebay Accounts Management !!! Read more www.haaretz.com: Yokne'am attorney indicted for hacking into computer, reading e-mails of former lover. Read more www.vnunet.com: Memory sticks threaten security defences. Read more news.mywebpal.com: Lawyers in Walker County child porn case hope to redefine law. Read more

16 June 2005 Guides, Papers, etc www.astalavista.com: Design, Implementation and Test of an Email Virus Throttle. Read more www.bleedingsnort.com: Malware Prevention through black-hole DNS. Read more www.irongeek.com: The Basics of Arpspoofing/Arppoisoning. Read more www.irongeek.com: Fun with Ettercap Filters. Read more   Tools: www.networksecuritytoolkit.org: Network Security Toolkit (NST). Read more   Vulnerabilities & Exploits www.eeye.com: eEye Digital Security Announces Discovery of New Security Flaw in Microsoft Windows. Read more securitytracker.com: paFileDB Multiple Bugs Permit SQL Injection and Cross-Site Scripting Attacks and Let Remote Users View or Execute Local Files. Read more www.securiteam.com: ViRobot Remote Code Inclusion (Exploit). Read more www.idefense.com: Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability. Read more   News news.bbc.co.uk: Asian hackers 'target UK firms'. Read more software.silicon.com: Worm takes AIM at your buddies. Read more news.com.com: New worm hits AIM network. Read more news.com.com: Zombie army camped out on AOL, report says. Read more www.vnunet.com: AOL branded most infected network. Read more www.scmagazine.com: Big ISP = Big zombie army. Read more www.adbumb.com: Microsoft: Soft On Censorship. Read more www.infoworld.com: Adware company Intermix settles lawsuit with Spitzer. Read more www.techworld.com: Put tight authentication on your WLAN. Read more www.vnunet.com: Online banking will lose edge if security fails. Read more www.theregister.co.uk: Users remain married to Windows 2000. Read more www.620ktar.com: Hackers Run Unauthorized Programs on PSP. Read more www.windowsecurity.com: Hiring Hackers As Security Consultants. Read more news.bbc.co.uk: The 'spider's web' of hacking. Read more www.reuters.com: New Yahoo service searches subscription sites. Read more news.com.com: Web shopping thrives amid phishing fears. Read more

Guides, Papers, etc www.astalavista.com: Warez Trading and Criminal Copyright Infringement. Read more   Vulnerabilities & Exploits xforce.iss.net: Multiple Microsoft Vulnerabilities - June 2005. Read more www.securityfocus.com: Anti-Virus Malformed ZIP Archives flaws [UPDATE]. Read more securitytracker.com: Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users. Read more securitytracker.com: Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents. Read more securitytracker.com: Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft HTML Help Input Validation Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Step-by-Step Interactive Training Bookmark Link File Validation Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections. Read more securitytracker.com: Java Runtime Environment Internal Classes Lets Remote Users Access and Execute Files on the Target User's System. Read more securitytracker.com: Java Web Start java-vm-args Lets Remote Users Access and Execute Files on the Target User's System. Read more securitytracker.com: MikMod Buffer Overflow in 'marchive.c' May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Annuaire 1Two Input Validation Holes Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Singapore Discloses Path to Remote Users and Permits Cross-Site Scripting Attacks. Read more securitytracker.com: FusionBB Input Validation Holes Let Remote Users Inject SQL Commands, View Files, and Execute Files. Read more   News Microsoft Security Bulletin MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358). Read more Microsoft Security Bulletin MS02-035 SQL Server Installation Process May Leave Passwords on System (Q263968)Read more Microsoft Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability (887219) Read more Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066). Read more www.newscientist.com: Hashing exploit threatens digital security. Read more www.cio-today.com: MSN China Criticized over Censorship. Read more news.zdnet.com: Java flaws open door to hackers. Read more www.eweek.com: Adware-for-Hire Vector Underscores IE Holes. Read more www.newsfactor.com: Experts: Security Demands Multiple Strategies. Read more news.zdnet.com: Browser-based attacks increase as viruses decrease. Read more www.theregister.co.uk: VXers love Britney Spears - official. Read more www.techweb.com: Celebrities Spread (Computer) Diseases. Read more www.techweb.com: Report Finds Most 'Canadian' Drug Sites Are Frauds. Read more www.techweb.com: Windows 2000 Still Dominates Enterprises. Read more news.zdnet.com: Feds vulnerable to lots of Net threats. Read more

Guides, Papers, etc www.securityfocus.com: Software Firewalls: Made of Straw? Read more www.schneier.com: Attack Trends: 2004 and 2005. Read more Towards a Third Generation Data Capture Architecture for Honeynets by Edward Balas and Camilo Viecco. Read more   Tools: www.securiteam.com: Anonycat - Anonymous Surfing. Read more   Vulnerabilities & Exploits securitytracker.com: Sysreport May Disclose the up2date Proxy Password Via the System Report. Read more securitytracker.com: gedit Format String Flaw May Let Remote Users Cause Arbitrary Code to Be Executed. Read more securitytracker.com: Symantec pcAnywhere 'Launch With Windows' Properties Let Local Users Gain Elevated Privileges. Read more www.cirt.dk: Novell eDirectory 8.7.3 DOS Device name Denial of Service. Read more www.cirt.dk: Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module. Read more   News www.securityfocus.com: Stealthy Trojan horses, modular bot software dodging defenses. Read more software.silicon.com: Microsoft gets smart about online security. Read more www.computerworld.com.au: Invisible encryption. Read more www.vnunet.com: Latest trojan cashes in on mobile malware hype. Read more www.infoworld.com: Britney Spears ranked top virus celebrity. Read more news.com.com: IE7 being developed to resist spyware. Read more www.vnunet.com: Consumers clueless about IT security. Read more

13 June 2005 Guides, Papers, etc www.isaserver.org: Understanding the Web Proxy and Firewall Client Automatic Configuration. Read more www.windowsecurity.com: Code Signing: Is it a Security Feature? Read more www.computerworld.com: The Security Risks of Desktop Searches. Read more www.computerworld.com: What to ask when evaluating intrusion-prevention systems. Read more www.computerworld.com: Preserving Digital Evidence to Bring Hackers and Attackers to Justice. Read more www.opennetinitiative.net: Internet Filtering in China in 2004-2005: A Country Study. Read more www.opennetinitiative.net: Google Search & Cache Filtering Behind China's Great Firewall. Read more www.opennetinitiative.net: Probing Chinese search engine filtering. Read more Forensic examination of log files by Joan Petur Petersen. Read more   Tools: www.neowin.net: Kaspersky Anti-Virus 2006 (Beta) 6.0.12.167. Read more   Vulnerabilities & Exploits securitytracker.com: JamMail Input Validation Hole in 'mail' Parameter Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code. Read more securitytracker.com: WebHints Input Validation Bug Lets Remote Users Execute Arbitrary Commands. Read more www.securiteam.com: GNU Mailutils Remote Format String Exploit (IMAP4d). Read more www.securiteam.com: WebHints Remote Command Execution (Exploit, hints.pl). Read more   News www.newscientist.com: Computer viruses become hacker informants. Read more www.zdnet.com.au: Spying worms likely to proliferate. Read more www.asahi.com: Creator of `Yafoo!' site becomes first suspect in phishing scam. Read more news.bbc.co.uk: Virus flood threatens home users. Read more www.zdnet.com.au: Anti gypsy-music virus welcomed by victims. Read more www.chron.com: UT hacker faces up to 6 years in prison. Read more australianit.news.com.au: Brit hacker looked for X-Files. Read more www.smh.com.au: Hong Kong plans to enact anti-spam law. Read more www.bizjournals.com: Secret rhythms: Firm finds security in keystrokes. Read more informationweek.com: Firefox Entering The Mainstream. Read more

12 June 2005 Guides, Papers, etc cc.uoregon.edu: Web Browser Hijacking: What Is It and How Can You Protect Yourself? Read more Checking Microsoft Windows� Systems for Signs of Compromise. Read more   News news.moneycentral.msn.com: Microsoft bans 'democracy' for China web users. Read more news.bbc.co.uk: A little less censorship? Read more news.bbc.co.uk: Microsoft warns on security fixes. Read more www.msnbc.msn.com: �Nigerian scams� keep evolving. Read more www.informationweek.com: Research Shows Bluetooth Can Be Hacked In Milliseconds. Read more catless.ncl.ac.uk: Search engines making sensitive information easy to locate. Read more www.sfgate.com: Internet founders to be honored with computing's 'Nobel'. Read more news.bbc.co.uk: Chinese gamer sentenced to life. Read more arstechnica.com: Microsoft reveals its "Blackberry killer". Read more www.informationweek.com: From Russia With Malware. Read more news.bbc.co.uk: Rise in public sector PC misuse. Read more www.informationweek.com: Making Secure Sockets Layer More Secure. Read more news.bbc.co.uk: Military 'hacker' freed on bail. Read more www.informationweek.com: Tech Vs. Terrorism. Read more www.informationweek.com: Tools Help Keep Bugs Out From The Beginning. Read more www.informationweek.com: Even Taxi Cabs Are Worried About Consumer Data Security. Read more

11 June 2005 Guides, Papers, etc www.eweek.com: Microsoft's Security Response Center: How Little Patches Are Made. Read more www.eweek.com: What Else Do Google Ads Finance? By Larry Seltzer Read more Black Hat USA 2005 Briefings and Training Caesars Palace, Las Vegas � July 23-28, 2005. Read more www.astalavista.com: Who Owns Your Network? A Discussion of Bot Networks. Read more www.eweek.com: Seagate Introduces Hardware-Encrypted Notebook Hard Drive. Read more Concepts for the Stealth Windows Rootkit (The Chameleon Project) Joanna Rutkowska. Read more   Tools: enterprisesecurity.symantec.com: The Symantec Worm Simulator visually demonstrates how worms spread through the Internet, and how they fare against a custom network and security policy. Read more modGREPER is a hidden module detector for Windows 2000/XP/2003. It searches through whole kernel memory (0x80000000 � 0xffffffff) in order to find structures which looks like a valid module description objects.   Vulnerabilities & Exploits securitytracker.com: xMySQLadmin Lets Local Users Delete Files. Read more securitytracker.com: Gaim Flaws in Processing Yahoo! and MSN Packets Let Remote Users Deny Service. Read more securitytracker.com: Adobe Photoshop License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Adobe Premiere Pro License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Adobe Creative Suite License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia FreeHand eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Captivate eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Contribute eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Director eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Studio eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Dreamweaver eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Fireworks eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Flash eLicensing Function Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Macromedia Contribute eLicensing Function Lets Local Users Gain Elevated Privileges. Read more   News www.vnunet.com: Jacko suicide Trojan spreading fast. Read more news.com.com: Hackers create Jackson rumor. Read more www.theregister.co.uk: Bogus Jackson suicide bid claim used to spread malware. Read more news.zdnet.com: Skulls Trojan puts on antivirus mask. Read more www.techweb.com: RSS To Carry Spyware Before Year's Out. Read more news.zdnet.com: Recon worms on the way, experts say. Read more www.vnunet.com: Apple patches 11 security holes. Read more news.com.com: Faulty update crashes ZoneAlarm firewall. Read more www.theregister.co.uk: Dutch hacker love-in will get permit. Read more comment.zdnet.co.uk: NASA hacker is no Neo. Read more www.cio-today.com: Ballmer Warns of Internet Security Dangers. Read more news.zdnet.com: Forum host grapples with cyberattack. Read more asia.internet.com: Hackers Monkey With Korean Mozilla Site. Read more news.zdnet.com: Opera, Firefox squabble over best-browser claim. Read more www.eweek.com: Analysts: Windows Mobile 5.0 Security Falls Short. Read more www.vnunet.com: Public sector porn downloading soars. Read more www.cio-today.com: HP Breaks Into Nano Circuits. Read more software.silicon.com: Microsoft to turn cracked Windows legal for $1? Read more

10 June 2005 Guides, Papers, etc www.securityfocus.com: Meanwhile, on the other side of the web server" - a new write-up by Amit Klein. Read more csrc.nist.gov: Security Considerations for Voice Over IP Systems. Read more www.eweek.com: IE 7.0's Future Is in 2003. Read more www.biosmagazine.co.uk: Using A Network Analyser As A Security Tool. Read more www.techweb.com: Gartner IDs 'Over-Hyped' Security Threats. Read more Building a GenII Honeynet Gateway by Diego Gonz�lez G�mez. Read more www.astalavista.com: An Interview with Destruction. Read more   Vulnerabilities & Exploits securitytracker.com: WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code. Read more www.securiteam.com: WinZip Local Buffer Overflow (Exploit). Read more rgod.altervista.org: 602 Lan Suite _ resources consumption and remote program execution. Read more securitytracker.com: SilverCity File Permissions Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Linux Kernel mmap() Lets Local Users Create Invalid Memory Maps to Deny Service or Execute Arbitrary Code. Read more securitytracker.com: Linux Kernel AMD64 Address Validation Flaw in ptrace() Lets Local Users Deny Service. Read more securitytracker.com: Ovidentia Include File Bug in 'index.php' Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Apple's Managed Client for OS X (MCX) Discloses Portable Home Directory Credentials to Local Users. Read more securitytracker.com: Loki Download Manager Input Validation Holes Permit SQL Injection Attacks. Read more securitytracker.com: Mac OS X Folder Permission Flaw May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: AOL AIM 'ateimg32.dll' Lets Remote Users Crash AIM With a Malicious Buddy Icon. Read more securitytracker.com: Apple OS X CoreGraphics Local Console Root Access. Read more securitytracker.com: Mac OS X NFS Export Restrictions Are Not Properly Enforced. Read more securitytracker.com: Apple LaunchServices Lets Remote Users Bypass the File Dowload Dialog. Read more securitytracker.com: Apple Mac OS X launchd Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Apple CoreGraphics PDF File Null Pointer Dereference Lets Remote Users Deny Service. Read more securitytracker.com: Apple File Protocol (AFP) Server Buffer Overflow in Legacy Client Support Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apple File Protocol (AFP) Server May Prevent Users From Accessing Certain Files. Read more securitytracker.com: Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access. Read more www.securiteam.com: Tcpdump Remote Denial of Service Exploit (bgp_update_print). Read more www.zataz.net: xmysqladmin insecure temporary file creation. Read more   News www.vnunet.com: Mytob variant hides sting in the tail. Read more www.vnunet.com: Symantec sues for right to delete spyware. Read more www.theregister.co.uk: Symantec ask court to rule Hotbar.com as adware. Read more www.vnunet.com: Microsoft fixes Hotmail hack. Read more www.techweb.com: Microsoft Plans 10 Patches Next Tuesday. Read more www.vnunet.com: British hacker out on bail. Read more news.xinhuanet.com: New software to kill unknown viruses. Read more www.theregister.co.uk: Spyware probe PI in hospital after fall. Read more www.infonetics.com: Network Security Market Up 5% in 1Q05. Read more www.vnunet.com: GNER prints passwords in customer magazine. Read more news.com.com: Companies ramping up e-mail monitoring. Read more

09 June 2005 Guides, Papers, etc www.computerworld.com: Insecurity through obscurity. Read more www.securityfocus.com: Latest Bluetooth attack makes short work of weak passwords. Read more www.securityfocus.com: A Role Model for Security. Almost. Read more www.computerworld.com: What to ask when evaluating intrusion-prevention systems. Read more blog.ziffdavis.com: Security & MacOS on Intel. Read more Application of a Methodology to Characterize Rootkits Retrieved from Honeynets. Read more   Vulnerabilities & Exploits research.seniorennet.be: NEW security hole / exploit in IE6 with SP2 and all the latest security patches. Read more securitytracker.com: Tcpdump Infinite Loop Error in bgp_update_print() Lets Remote Users Deny Service. Read more securitytracker.com: IBM AIX Buffer Overflows in invscout, paginit, diagTasksWebSM, getlvname, and swcons Commands and Multiple p Commands Let Local Users Execute Arbitrary Code. Read more securitytracker.com: SMTP Server for Windows NT/2000/XP/2003 Lets Remote Users Crash the SMTP Service. Read more securitytracker.com: Kaspersky AntiVirus 'klif.sys' Driver Access Flaw Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: ProductCart Input Validation Flaws in 'viewPrd.asp' and Various 'pcadmin' Scripts Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Cerberus Helpdesk Input Validation Holes Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Pragma TelnetServer Lets Remote Authenticated Users Obfuscate Log Entries During Display. Read more securitytracker.com: FortiGate Antivirus Firewall Uses a Common Maintenance Account Password That Yields Root Access to Physically Local Users. Read more securitytracker.com: FortiLog Server Uses a Common Maintenance Account Password That Yields Root Access to Physically Local Users. Read more securitytracker.com: IBM WebSphere Application Server Buffer Overflow in Administrative Console Lets Remote Users Execute Arbitrary Commands. Read more   News www.theregister.co.uk: Bluetooth hack shakes mobile security. Read more www.theregister.co.uk: VXers go phishing with latest MyTob worms. Read more www.theregister.co.uk: Hotmail users exposed to cookie snaffling exploit. Read more www.theregister.co.uk: MS patches XP for HD video acceleration. Read more www.theinquirer.net: Trojan suspect throws himself down Israeli cops� stairs. Read more www.it-director.com: Banking on security. Read more www.vnunet.com: Users claim victory over spyware. Read more www.informationweek.com: U.K. Court Grants Bail To Suspected Hacker of U.S. Military Computers. Read more www.vnunet.com: British hacker up for extradition. Read more www.informationweek.com: Microsoft Centralizes Patch Management. Read more www.informationweek.com: IM Worm Blitz Continues. Read more www.informationweek.com: Microsoft Adds Sender ID Anti-Spoofing Protocol To Exchange 2003 SP2. Read more www.informationweek.com: Symantec Turns Tables On Adware Vendor, Files Suit. Read more www.infoworld.com: ISPs found innocent of aiding zombie attacks in 'trial'. Read more

08 June 2005 Guides, Papers, etc www.eeye.com: Vice Newsletter - June 8, 2005. Read more   Tools: www.sans.org: Tools for Defense In-Depth. Read more   Vulnerabilities & Exploits www.frsirt.com: Kaspersky AntiVirus "klif.sys" Privilege Escalation Vulnerability. Read more www.rgod.altervista.org: Pragma Telnetserver 6.0 - html log obfuscation. Read more securitytracker.com: Sun ONE Application Server Discloses Files to Remote Users. Read more securitytracker.com: GNU Mailutils Input Validation Error in sql_escape_string() Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Mortiforo Access Control Flaw Lets Remote Users Access Private Forums. Read more securitytracker.com: desknet's Input Validation Error in Displaying HTML Mail Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Clustered JDBC May Disclose a Target Users' Cached Results to Remote Users. Read more securitytracker.com: phpBB BBCode URL Tag Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Popper Include File Bug in 'childwindow.inc.php' Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation Flaw Has Unspecified Impact. Read more securitytracker.com: FlatNuke Referer Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Microsoft ISA Server in SecureNAT Configuration Can Be Crashed By Remote Users. Read more securitytracker.com: LutelWall Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: RakNet Lets Remote Users Freeze the System With a Zero Byte UDP Packet. Read more securitytracker.com: Everybuddy Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more www.frsirt.com: Sun ONE Application Server Information Disclosure Vulnerability. Read more www.frsirt.com: Sun Solaris Unspecified C Library Privilege Escalation Issue. Read more www.appsecinc.com: Buffer overflow in WebSphere Application Server Administrative Console. Read more   News constitutionalcode.blogspot.com: Security Researcher Guillermito Fined in Civil Case. Read more australianit.news.com.au: Police nab star military hacker. Read more www.newscientist.com: New hack cracks 'secure' Bluetooth devices. Read more www.benedelman.org: More on Google's Role: Syndicated Ads Shown Through Ill-Gotten Third-Party Toolbars. Read more blog.ziffdavis.com: Security & MacOS on Intel. Read more www.zdnet.com.au: MSN flaw put Hotmail accounts at risk. Read more www.webuser.co.uk: Trojan horse disguised as lion. Read more news.zdnet.com: Microsoft delivers new patching tools. Read more www.theregister.co.uk: Firefox spoof bug returns from the dead. Read more www.zdnet.com.au: Debian ships sans security updates. Read more www.theregister.co.uk: Study: Flaw disclosure hurts software makers' stock. Read more www.theregister.co.uk: Citibank admits: we've lost the backup tape. Read more www.it-director.com: Banking on security. Read more www.zdnet.com.au: Three-year wait ends for Debian fans. Read more www.businessweek.com: Is the Penguin Losing a Step? Read more

07 June 2005 Guides, Papers, etc www.syn-ack.org: Analysis: Postbank.nl Phishing Scam. Read more www.theregister.co.uk: Security Barometer Survey The Psychology of Security. Read more www.theregister.co.uk: Barometer Survey: IT Security. Read more www.wired.com: A Tale of Two Hackers. Read more www.securityfocus.com: Microsoft's Most Successful Failure. Read more www.securityfocus.com: Study: Flaw disclosure hurts software maker's stock. Read more HTTP REQUEST SMUGGLING A new attack technique that has recently emerged. This attack technique, and the derived attacks, are relevant to most web environments and are the result of an HTTP server or device�s failure to properly handle malformed inbound HTTP requests. Read more   Tools: www.securityfocus.com: tattle` -- automatic reporting of SSH brute-force attacks. Read more Spam Trap is a CGI gizmo that generates potentially infinite numbers of bogus email addresses to clog up spammers' databases when their email-collecting bots come visiting. Read more   Vulnerabilities & Exploits secunia.com: Camino vulnerability re-discovered again Multiple Browsers Frame Injection Vulnerability Test. Read more securitytracker.com: GIPTables Firewall Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Sun Solaris libc __init_suid_priv() Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Filesystem in Userspace (FUSE) May Disclose Information to Local Users. Read more securitytracker.com: Sawmill Lets Remote Authenticated Users Gain Elevated Privileges and Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: 602LAN SUITE HTML Log File Processing Flaw Lets Remote Users Obfuscate Log Entries. Read more securitytracker.com: WWWeb Concepts Events System 'login.asp' Input Validation Hole Permits SQL Injection. Read more securitytracker.com: YaPiG Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Create/Delete Directories and Let Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: KDbg Unsafe Session Files May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: ImageMagick Heap Overflow in ReadPNMImage() May Let Remote Users Execute Arbitrary Code. Read more www.securiteam.com: CrobFTP Remote Stack Overflow (Long Directories, Exploit). Read more www.securiteam.com: ePSXe Local Stack Overflow (Exploit). Read more www.sven-tantau.de: FUSE: Filesystem in Userspace - Information Disclosure. Read more www.zataz.net: LutelWall insecure temporary file creation. Read more security.lss.hr: Popper webmail remote code execution vulnerability. Read more security.lss.hr: Crob FTP Server remote buffer overflows. Read more   News software.silicon.com: Firefox flaw reopens old wounds. Read more www.eweek.com: Spoofing Risk Returns to Mozilla Browsers. Read more news.softpedia.com: MyTob based super-worm to cause mayhem on the Internet. Read more www.theregister.co.uk: Online gamers targeted in Korean MSN hack attack. Read more www.computerweekly.com: Firms warned they may be targets of Trojan spies. Read more www.eweek.com: Microsoft Planning 'Lower Rights' IE 7.0. Read more www.eweek.com: Triple-Barreled Trojan Attack Builds Botnets. Read more www.theregister.co.uk: The Escapist - cybercrime, hackery and sex. Read more www.theregister.co.uk: VMware starts virtual machine club for developers and ISVs. Read more

06 June 2005 Guides, Papers, etc The Evolution of Viruses and Worms. Read more   Vulnerabilities & Exploits rgod.altervista.org: 602 Lan Suite 2004 _ mailicious tags in GET request lead to malfunction of the HTML server message list in the built-in web server control panel. Read more securitytracker.com: LiteWeb Lets Remote Users Access Restricted Pages. Read more   News nwc.securitypipeline.com: Tools Help Keep Bugs Out From The Beginning. Read more www.earthtimes.org: Security firms issue warnings of Trojan attacks. Read more www.detnews.com: Days passed before Microsoft learned its popular Web site in South Korea had been hacked. Read more hosted.ap.org: MSN Site Hacking Went Undetected for Days. Read more www.javareport.com: Unencrypted Backups Can Be Worse than Worthless. Read more nwc.securitypipeline.com: "Osama Captured" E-mail Trojan Infected. Read more nwc.securitypipeline.com: Spy Software Code Had Design Flaw. Read more

05 June 2005 145 new files have been added to the archive. Read more   Guides, Papers, etc informationweek.com: Langa Letter: XP Professional's "Remote Control" Option. Read more www.eeproductcenter.com: Langa Letter: How To Ensure Remote-Control Security With XP. Read more INTERNET WORMS AS INTERNET-WIDE THREAT by Nikolai Joukov and Tzi-cker Chiueh. Read more   Tools: www.0x90.org: Mezcal is an HTTP/HTTPS bruteforcing tool allowing the crafting of requests and insertion of dynamic variables on-the-fly. Read more www.ri0tnet.net: DISE Spawns multiple instances of itself to simulate simultaneous random attack using zombie servers. DISE gets a list to be used as zombies for the idle scans, and launches an Nmap idle scan on the target host(s). Read more   Vulnerabilities & Exploits www.net-force.nl: Hacking hotmail, by Alex de Vries - 04 june 2005. Read more www.frsirt.com: Bluetooth Protocol Device Pairing Process Remote Vulnerability. Read more www.frsirt.com: IBM WebSphere Application Server Buffer Overflow Vulnerability. Read more www.frsirt.com: MWChat "start_lobby.php" Remote File Inclusion Vulnerability. Read more www.frsirt.com: Popper "childwindow.inc.php" Remote File Inclusion Vulnerability. Read more www.frsirt.com: Redhat Security Update Fixes Kdbg Insecure Permissions Issue. Read more   News www.webuser.co.uk: Mytob worms stop anti-virus protection. Read more www.pcworld.com: Top-level Domain Name Suggested for Porn. Reda more www.rsicopyright.com: Beware The Trojan Horse. Read more www.pcworld.com: Details on How a Sophisticated Web Attack Works. Read more

04 June 2005 145 new files have been added to the archive. Read more   Guides, Papers, etc www.astalavista.com: Hacking in a Foreign Language: A Network Security Guide to Russia. Read more www.annenbergpublicpolicycenter.org: Annenberg Study Shows Americans Vulnerable To Exploitation in the Online and Offline Marketplace. Read more on the Advantages of Deploying a Large Scale Distributed Honeypot Platform. Read more   Tools: www.rgod.altervista.org: NmapGUI v0.9 for Win32 by rgod. Read more   Vulnerabilities & Exploits www.rgod.altervista.org: Mirc 6.16 & "generic Edit component" win32 trick by rgod. Here it is how a Trojan can take advantage of mirc and other messaging software in order to send to the attacker passwords and other stuff, bypassing firewall rules. Read more www.debian.org: DSA-732-1 mailutils -- several vulnerabilities. Read more   News times.hankooki.com: N. Korea�s Hacking Capability Could Disrupt US Military: Expert. Read more www.theregister.co.uk: Hackers plot to create massive botnet. Read more www.theregister.co.uk: Trojan poses as Osama capture pics. Read more www.startribune.com: Hackers hit Microsoft website in South Korea, steal passwords for days. Read more www.pcworld.com: Are Virus Writers Creating a Super Worm? Read more www.theregister.co.uk: Hack can upgrade XP Home to XP Pro Lite. Read more news.zdnet.co.uk: Anti-Spyware Coalition to define terms. Read more news.zdnet.co.uk: Malware variant trend reflects police action. Read more news.zdnet.co.uk: Three-stage Bagle variants alarm experts. Read more www.vnunet.com: Hilton customers targeted by phishers. Read more www.vnunet.com: New bill proposes 10-year sentence for online fraud. Read more

03 June 2005 145 new files have been added to the archive. Read more   Guides, Papers, etc www.securityfocus.com: The True Computer Parasite. Read more www.vnunet.com: Deterrence must be the key to avoiding DDoS attacks. Read more code.google.com: The Summer of Code is Google's program designed to introduce students to the world of Open Source Software Development. Read more TROJANS, WORMS, AND SPYWARE, A Computer Security Professional�s Guide to Malicious Code by Michael Erbschloe. Read more     Vulnerabilities & Exploits securitytracker.com: SPA-PRO Mail @Solomon Input Validation Hole Discloses Files to Remote Users and Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: MWChat Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: HP OpenView Radia Buffer Overflow in RADEXECD Lets Remote Users Execute Arbitrary Code. Read more www.securiteam.com: e-Post SPA-PRO Mail Service Buffer Overflow. Read more www.securiteam.com: myBloggie SQL Injection (Exploit). Read more www.securiteam.com: MyBulletinBoard(MyBB) SQL Injection (Exploit). Read more www.debian.org: DSA-731-1 krb4 -- buffer overflows. Read more   News www.cnn.com: Microsoft: MSN site hacked in South Korea. Read more www.theregister.co.uk: Window of exposure lets viruses run rampant. Read more www.theinquirer.net: Hackers booby trapped MSN. Read more www.vnunet.com: Hacking fear drives up network security market. Read more www.informationweek.com: Hackers, Spammers Partner Up To Wreak Havoc. Read more comment.zdnet.co.uk: Viruses bring a sting in the tail. Read more software.silicon.com: Virus warning: Bagle variant has alarming attack strategy. Read more www.heraldsun.news.com.au: Ransom virus strikes. Read more

02 June 2005 145 new files have been added to the archive. Read more   Guides, Papers, etc Beagle.BG-BJ/Mitglieder (Tooso) Propagation by infectionvectors.com. Read more   Tools: www.mozilla.org: Deer Park Alpha 1 is an alpha release of our next generation Firefox browser and it is being made available for testing purposes only. Read more www.earthtimes.org: Yahoo! comes out with intelligent search tool. Read more   Vulnerabilities & Exploits securitytracker.com: Symantec Brightmail AntiSpam Uses Common Default Database Password. Read more securitytracker.com: livingmailing Input Validation Hole Lets Remote Users Inject SQL Commands. Read more securitytracker.com: JiRo's Upload System Input Validation Hole in Admin Panel Lets Remote Users Inject SQL Commands. Read more securitytracker.com: (i)Site Discloses Database and Passwords to Remote Users and Permits SQL Injection. Read more securitytracker.com: Ettercap Format String Flaw in curses_msg() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Calendarix Advanced Include File Flaw Lets Remote Users Execute Commands and Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more securitytracker.com: MyBB Input Validation Holes in Multiple Scripts Permit SQL Injection and Cross-Site Scripting Attacks. Read more securitytracker.com: MyBB Input Validation Hole in 'usercp.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: FutureSoft TFTP Server 2000 Buffer Overflow Lets Remote Users Execute Arbitrary Code and Input Validation Hole Discloses Files to Remote Users. Read more   News www.internetweek.com: Sober Worm Causes Surge In Virus-Infected E-Mail. Read more www.theregister.co.uk: Sober worm tops May viral charts. Read more news.zdnet.co.uk: Bagle and Mytob evolve again. Read more www.zdnet.com.au: Trojan horse could recruit 'Fagin's gang'. Read more news.zdnet.co.uk: Malware variant trend reflects police action. Read more www.asahi.com: Hacker attacked weak point on Kakaku.com's Web site. Read more news.zdnet.co.uk: 'Serious vulnerability' found in Nortel VPNs. Read more www.pcworld.com: How Savvy Are You About Your Online Security? Read more www.stuff.co.nz: Police left phishing for details of scam website. Read more news.zdnet.com: Group pools data to trap phishers. Read more

01 June 2005 145 new files have been added to the archive. Read more   Guides, Papers, etc www.oxid.it: Remote Desktop Protocol, the Good the Bad and the Ugly. Read more www.microscope.co.uk: Encryption: the key to secure data? Read more www.prolexic.com: The Prolexic Zombie Report. Read more Hiding an Intrusion Detection System (IDS) by Bob Radvanovsky. Read more   Vulnerabilities & Exploits www.securityfocus.com: Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability. Read more www.securityfocus.com: Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability. Read more www.securityfocus.com: Multiple Browser URI Obfuscation Weakness. Read more www.securityfocus.com: Microsoft Internet Explorer Method Caching Mouse Click Event Hijacking Vulnerability. Read more www.securityfocus.com: Microsoft Windows DHTML Edit Control Script Injection Vulnerability. Read more www.guninski.com: 64 bit qmail fun. Read more securitytracker.com: PowerDownload Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: X-Cart Multiple Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more securitytracker.com: Quick Cart Input Validation Flaw in 'search' Field Permits Cross-Site Scripting Attacks. Read more securitytracker.com: ServersCheck Lets Remote Authenticated Users Traverse the Directory. Read more securitytracker.com: India Software Solution Shopping Cart Input Validation Hole in 'signin.asp' Permits SQL Injection. Read more securitytracker.com: NPDS Input Validation Holes in 'glossaire' Module and Links Search Script Permit SQL Injection. Read more securitytracker.com: Online Solutions for Educators Input Validation Hole Permits SQL Injection. Read more www.securiteam.com: IBM AIX invscout Local Exploit. Read more www.securiteam.com: Vulnerability in OLE and COM Allows Remote Code Execution (Exploit, MS05-012). Read more www.securiteam.com: phpStat Authentication Bypass Vulnerability (Exploit, Setup.PHP). Read more www.securiteam.com: ZeroBoard Remote Command Execution (Exploit, preg_replace). Read more   News www.eweek.com: Assume Malware Espionage Is Common. Read more www.computerworld.com: Israeli police uncover Trojan industrial spy ring. Read more www.theregister.co.uk: Blank virus blanks email. Read more www.computerworld.com: New Bagle variants spreading. Read more software.silicon.com: Virus warnings: Watch out for latest Bagle and Mytob. Read more www.vnunet.com: IM worm lures users to the dark side. Read more www.telecomasia.net: BT warns customers of 'Trojan dialer'. Read more www.securityfocus.com/: July trial for Sasser suspect. Read more www.microscope.co.uk: Bank of America to use two-factor system to beat phishers. Read more www.microscope.co.uk: Payment processing firms look to protect against denial of service. Read more www.eweek.com: Security Tool Can 'Frisk' PCs. Read more www.zone-h.org: US Hackers at the Service of the Nation! But Who is the Enemy? Read more www.internetweek.com: Developing Countries Hit Hardest By Spam. Read more

Copyright� MegaSecurity.org