Home    News Archive    Translate Traducen

News October 2004

31 October 2004 Tools www.sys-security.com: Xprobe I combines various remote active operating system fingerprinting methods using the ICMP protocol, which were discovered during the "ICMP Usage in Scanning" research project, into a simple, fast, efficient and a powerful way to detect an underlying operating system a targeted host is using. Read more tanaya.net: Bulldog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems. Platforms: Linux. Read more www.mazzoft.com: Byteshelter One encrypts data and hides it in .doc files or e-mail messages. Read more   Guides, Papers, etc www.research.ibm.com: Inside the Mind of Dark Avenger. The Bulgarian Dark Avenger writes viruses. Much like Hannibal Lecter, he is clever - and cunningly dangerous. In a unique interview, Sarah Gordon - much like Clarice Starling - explores the cold logic of a criminal brain. Read more www.microsoft.com: Messaging Hygiene at Microsoft Detailed discussion on how Microsoft IT manages the large quantities of unwanted e-mail (a.k.a. spam) and malware-infected messages in its inbound Internet e-mail traffic. Read more packetstormsecurity.nl: SPYWARE EXPLAINED (pdf). Read more   Vulnerabilities & Exploits cvs.sourceforge.net: vulnerability in bogofilter/bogolexer. Read more securitytracker.com: Epiphany Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Galeon Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Google Flaw Lets Remote Users Hijack Accounts. Read more securitytracker.com: mixplayd Format String Flaw May Let Users Execute Arbitrary Code. Read more securitytracker.com: Caudium Web Server Can Be Crashed By Remote Users. Read more securitytracker.com: MIMEDefang Security Flaws Have Unspecified Impact. Read more securitytracker.com: GSuite Discloses Passwords to Local Users. Read more securitytracker.com: Microsoft Internet Explorer Lets Remote Users Spoof the Status Bar Address with a Table Within a Link. Read more securitytracker.com: Cyber Web Filter IP Address Web Blocking Can Be Bypassed. Read more securitytracker.com: PHP cURL Functions Let Scripts Byass the 'open_basedir' Directory Restrictions. Read more securitytracker.com: Catdoc xlsview Symlink Flaw May Let Local Users Gain Elevated Privileges. Read more   News: www.newsfactor.com: Bagle Evades News Cycle, Spreads Across Europe. Read more www.metafilter.com: Nigerian Email Scams. Read more www.vnunet.com: Zafi-C mutant virus targets Google and Microsoft. Read more www.vnunet.com: 28 arrested in global web fraud sting. Read more www.computerworld.com: Symantec tries to widen reach beyond security tools. Read more

30 October 2004 Guides, Papers, etc www.security.nnov.ru: Bypassing client application protection techniques. Read more www.phrack.org: Using Process Infection to Bypass Windows Software Firewalls. Read more   Vulnerabilities & Exploits aluigi.altervista.org: FAKE PLAYERS BUG. Read more secunia.com: PuTTY IPv6 "SSH2_MSG_DEBUG" Packet Handling Buffer Overflow. Read more secunia.com: Shadow "passwd_check()" Security Bypass Vulnerability. Read more www.debian.org: DSA-577-1 postgresql -- local. Read more www.osvdb.org: Master of Orion III Data Block Size Mismatch DoS. Read more   News: news.com.com: Reheated Bagle smokes out antivirus defenses. Read more www.theregister.co.uk: Bagle variant outstrips Google-bashing worm. Read more www.hindustantimes.com: Bagle worm variant spreads across Asia, Europe, US. Read more itvibe.com: Bagle-AU worm turns off XP firewall. Read more www.chron.com: Digital mafia hitting Web sites in protection racket. Read more www.theregister.co.uk: Gmail accounts 'wide open to exploit' - report. Read more news.com.com: Flaws found in Windows-based media players. Read more news.com.com: Hacking--do the pros now rule? Read more news.com.com: Study: Few corporations use anti-spyware tools. Read more www.securityfocus.com: Recording industry sues another 750 computer users. Read more www.theregister.co.uk: US giants move to can spammers. Read more

29 October 2004 Tools Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system. Read more   Guides, Papers, etc www.securityfocus.com: Trends in Web Application Security. Read more How to Bypass Most Firewall Restrictions and Access the Internet Privately aka The Surf At Work Page . Read more   Vulnerabilities & Exploits www.securityfocus.com: New URL spoofing bug in Microsoft Internet Explorer. Read more www.security.nnov.ru: Bypassing client application protection techniques. Read more www.securiteam.com: Fedora-Redhat Fake Security Alert / Trojan Source Code & Analysis. Read more securitytracker.com: Quake II Has Multiple Bugs That Let Remote Users Obtain Information, Deny Service, and Possibly Execute Arbitrary Code. Read more securitytracker.com: Shadow Authentication Error in chfn and chsh May Let Local Users Modify Account Properties. Read more securitytracker.com: Apple Remote Desktop Client Lets Local Users Run Applications With Root Privileges. Read more securitytracker.com: Apple QuickTime Integer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Master of Orion 3 Can Be Crashed By Remote Users. Read more www.debian.org: DSA-576-1 squid -- several vulnerabilities. Read more www.debian.org: DSA-575-1 catdoc -- insecure temporary file. Read more   News: news.zdnet.com:> Hacking becomes a full-time job. Read more news.com.com: Secret Service busts online ID fraud ring. Read more www.silicon.com: Worm takes aim at Google and Microsoft. Read more itvibe.com: Zafi virus attacks Hungarian Prime Minister. Read more www.securitypronews.com: Google Used In Phishing Scheme. Read more www.theregister.co.uk: Sourcefire touts 'smart' network defence. Read more www.terra.net.lb: Bush campaign cuts website off from foreign access for "security reasons". Read more

28 October 2004 Guides, Papers, etc www.hackingspirits.com: Demystifying Penetration Testing (zip). Download www.hackingspirits.com: Demystifying Google Hacks (pdf). Read more www.nextgenss.com: The Phishing Guide. Understanding & Preventing Phishing Attacks (pdf). Read more www.technicalinfo.net: HTML Code Injection and Cross-site scripting Understanding the cause and effect of CSS (XSS) Vulnerabilities. Read more www.nextgenss.com: Passive Information Gathering. The Analysis of Leaked Network Security Information (pdf). Read more www.eeye.com: Live Webinar: Best Practices in Vulnerability Management. Read more   Vulnerabilities & Exploits securitytracker.com: OmniWeb Browser Multi-Window Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Mega Upload Filenames in Querystring May Let Malicious Users Overwrite or Copy Files. Read more securitytracker.com: Horde Application Framework Input Validation Bug in Help Window Lets Remote Users Conduct Cross-Site Scripting. Read more securitytracker.com: PHPlist Has Unspecified Security Vulnerabilities. Read more securitytracker.com: zgv Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: WvTftp Buffer Overflow in Processing TFTP Options Lets Remote Users Execute Arbitrary Code with Root Privileges. Read more securitytracker.com: Samba pppd Callback Control Protocol Pointer Dereference May Let Remote Users Deny Service. Read more securitytracker.com: Hawking Technology Router Grants Remote Users Management Access. Read more securitytracker.com: GD Library Integer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: RealPlayer Skin File Buffer Overflow May Let Remote Users Run Arbitrary Code. Read more securitytracker.com: inetutils TFTP Client Has Buffer Overflows in Processing Resolved Host Data. Read more securitytracker.com: Hummingbird Connectivity Lets Remote Authenticated Users Deny Service and Local Users Grab System Privileges. Read more securitytracker.com: Libxml2 URL Parsing and DNS Resolution Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System. Read more securitytracker.com: MailCarrier Buffer Overflow in Processing EHLO SMTP Commands Lets Remote Users Execute Arbitrary Code. Read more www.debian.org: DSA-574-1 cabextract -- missing directory sanitising. Read more www.barrossecurity.com: mpg123 buffer overflows. Read more   News: www.theregister.co.uk: Virus experts fret over Myfip. Read more www.detnews.com: Study finds spyware, viruses everywhere. Read more www.guardian.co.uk: Governments and companies are gearing up to deal with spyware. Read more www.electricnews.net: IM photos compromise networks. Read more www.electricnews.net: Wi-Fi honeynet lures corporate users. Read more www.securityfocus.com: New Caller I.D. spoofing site opens. Read more www.theregister.co.uk: Bush website adopts isolationist stance. Read more www.theregister.co.uk: Bush website conspiracy theories darken skies. Read more

27 October 2004 Tools packetstormsecurity.nl: mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konquero...Download   Guides, Papers, etc www.securityfocus.com: Issues Discovering Compromised Machines. Read more packetstormsecurity.nl: A full analysis of the fake Fedora-Redhat security alert with trojan source code. Read more cansecwest.com: Call for papers, Network Security Training Conference. Read more   Vulnerabilities & Exploits packetstormsecurity.nl: Microsoft Internet Explorer ms-its scheme/CHM remote code execution. Read more securitytracker.com: PostNuke Downloads Site May Have Been Compromised. Read more securitytracker.com: Kaffeine Buffer Overflow in Processing Content-Type Headers Lets Remote Users Crash the Player. Read more securitytracker.com: iCab Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: SlimBrowser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: Google Desktop Search Input Validation Flaw in 'meta' Tag Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: OpenWFE Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Bugzilla Lets Remote Users Delete Keywords and May Disclose Private Information. Read more securitytracker.com: Phorum Unspecified Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: phpCodeGenie Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System. Read more www.securiteam.com: Mozilla Thunderbird/Firefox Insecure Temporary File Creation. Read more www.securiteam.com: Bugzilla Unauthorized Bug Modification And Information Disclosure Vulnerabilities. Read more www.securiteam.com: Kaffeine Media Player Content-Type Overflow. Read more   News: news.zdnet.co.uk: Trojan Horse uses war as cover. Read more www.nwfusion.com: Phish scam targets Red Hat Linux administrators. Read more www.theinquirer.net: Bush campaign website hacked. Read more www.net-security.org: Spyware/Spydeleter, Malware that Tries to Blackmail Users Online. Read more tired-of-spam.home.comcast.net: Mail Wiper and their "Marketing" techniques. Read more software.silicon.com: More mobile malware on the way? Read more www.theregister.co.uk: Firefox 1.0 limbers up for launch. Read more www.theinquirer.net: Linux more secure than Windows says study. Read more www.theregister.co.uk: Hacking: the must-have business tool. Read more

26 October 2004 Guides, Papers, etc www.securityfocus.com: The Latest Tool in Competition: Hacking. Read more www.securityfocus.com: Issues Discovering Compromised Machines. Read more www.webpronews.com: Pay-Per-Click Fraud Exposed. Read more www.webpronews.com: Pay-Per-Click Fraud Exposed--Part II. Read more www.cert.org: Before You Connect a New Computer to the Internet. Read more   Vulnerabilities & Exploits www.k-otik.com: Fedora-Redhat Fake Security Alert / Trojan Source Code & Analysis. Read more www.securiteam.com: How to Break Windows XP SP2 (Drag and Drop Media Files) - Proof of Concept. Read more securitytracker.com: Altiris Carbon Copy Solution System Tray Icon Lets Local Users Gain System Privileges. Read more securitytracker.com: NetCaptor Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: LinuxStat Input Validation Flaw Lets Remote Users View Files on the Target System. Read more securitytracker.com: IPplan Input Validation Holes May Let Remote Users Inject SQL Commands. Read more securitytracker.com: Window Maker Format String Flaw Has Unspecified Impact. Read more securitytracker.com: Mozilla Firefox Browser Hangs When Rendering Large Binary Files as HTML. Read more securitytracker.com: Mozilla Firefox Discloses Some Downloaded Files to Local Users. Read more securitytracker.com: Mozilla Thunderbird Discloses Some Attachments to Local Users. Read more securitytracker.com: EPiServer Input Validation Errors May Disclose Information to Remote Users. Read more securitytracker.com: MoniWiki Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securiteam.com: Ability Server FTP STOR Buffer Overflow. Read more www.securiteam.com: HP-UX stmkfont Local Privilege Escalation Vulnerability. Read more www.michaelevanchik.com: Microsoft Internet Explorer XP SP2 drag and drop execution 2.0. Read more   News: www.theregister.co.uk: Firefox 1.0 limbers up for launch. Read more www.theregister.co.uk: Mac OS X rootkit surfaces. Read more www.crn.com: Users See Spyware and Viruses Through Rose-Colored Glasses. Read more news.netcraft.com: Deceptive domain attacks launched against customers of Wells Fargo, Paypal, AOL, ... even Red Hat. Read more www.theregister.co.uk: Consumers hit by net security jitters. Read more

25 October 2004 Guides, Papers, etc packetstormsecurity.nl: Win32 Stack BufferOverFlow Real Life Vuln-Dev Process (pdf). Read more packetstormsecurity.nl: SetWindowLong Shatter Attacks (pdf). Read more blogs.msdn.com: "RunAs" basic (and intermediate) topics. Read more   Vulnerabilities & Exploits securitytracker.com: rssh Format String Flaw in 'log.c' May Let Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Dwc_Articles Input Validation Flaws May Let Remote Users Inject SQL Commands. Read more securitytracker.com: AOL Journals Discloses E-mail Addresses to Remote Users. Read more securitytracker.com: Sun Java 2 Micro Edition (J2ME) Lets Remote Users Bypass Sandbox Restrictions. Read more securitytracker.com: Libtiff on SuSE Linux Has Buffer Overflow in OJPEGVSetField() That Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: pGina Default Configuration May Let Remote Desktop Users Deny Service. Read more   News: www.theinquirer.net: Hackers stop Guardian campaign. Read more news.zdnet.co.uk: Korean worm turns out to be Baba variant. Read more www.theinquirer.net: Red Hat users urged to patch with Trojan. Read more uk.news.yahoo.com: Computer security survey finds awareness gap. Read more www.620ktar.com: Security for Internet Users Deemed Weak. Read more www.pcworld.idg.com.au: Are hackers now gunning for the Mac? Read more www.guardian.co.uk: Second sight. About internet policing and child pornography. Read more

24 October 2004 Tools iamaphex.net: Webexe is a wrapper for EXE files on NT/2000/XP/2003. Instead of storing the payload file inside of a stub it is downloaded from a URL directly into memory. This means that each time the webexe is executed, a fresh copy of the payload is downloaded and executed DIRECTLY FROM MEMORY. Your payload is NEVER written to disk and will remain untouched by file scans. Read more www.diamondcs.com.au: JPEGScan. A Free Detection & Repair Scanner for Exploit.MS04-028 (GDIPlus JPEG Vulnerability). Read more   Guides, Papers, etc www.pcworld.com: Biography of a Worm. Read more REVENGE IS SWEET Using the oc192-dcom.c exploit to accomplish revenge. Read more   News: www.securityfocus.com: Is Windows up to snuff for running our world? Read more itvibe.com: Baba virus linked to South Korean university. Read more www.stuff.co.nz: From Russia with not much love. Read more www.theage.com.au: Anti-phishing app looks for users. Read more networks.silicon.com: Hackers post 'confession' on football ref's website. Read more news.zdnet.co.uk: Trojan attack uses fake Lewinsky pics. Read more www.fcw.com: IE alert issued. Read more www.stuff.co.nz: Hackers sabotage Waikato food company. Read more

23 October 2004 Vulnerabilities & Exploits securitytracker.com: Microsoft IE for Mac Multi-Window Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: socat Format String Flaw May Let Local Users Gain Elevated Privileges and Remote Users Gain Access. Read more securitytracker.com: HP Serviceguard May Let Remote Users Gain Root Privileges. Read more securitytracker.com: HP Cluster Object Manager May Let Remote Users Gain Root Privileges. Read more securitytracker.com: Microsoft Outlook May Display Images in Plaintext Only Mode. Read more securitytracker.com: dadaIMC Comment Field Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Netbilling 'nbmember.cgi' Discloses System and User Information to Remote Users. Read more securitytracker.com: Microsoft Windows XP Error in Explorer in Processing WAV Files Lets Remote Users Deny Service. Read more securitytracker.com: cPanel Webmail Only Requires First Eight Characters of Password. Read more securitytracker.com: UBBThreads Input Validation Error in 'dosearch.php' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Serendipity Input Validation Flaws in Processing Request URI and HTTP Referer Field May Permit HTTP Response Splitting Attacks. Read more securitytracker.com: VERITAS NetBackup Flaw in 'bpjava-susvc' Lets Remote Authenticated Users Execute Commands With Root Privileges. Read more securitytracker.com: Altiris Deployment Server Client Authentication Hole Lets Remote Users Gain Full Control of the Client. Read more www.lovebug.org: Windows DoS in certain pGina configurations. Read more   News: www.theregister.co.uk: Windows v Linux security: the real facts. Read more news.zdnet.com: New Netsky worm linked to South Korea. Read more www.theregister.co.uk: Crackers force apology from Euro 2004 Swiss ref. Read more news.zdnet.com: UK paper's anti-Bush ploy gets hacked, sacked. Read more www.computerworld.com: Beat hackers and learn to spy at Italy's tech fair. Read more

22 October 2004 Tools ftp.europe.f-secure.com: The finnish F-Secure Anti-Virus company has posted an AVP-based "AllBot" disinfection utility, which should deal with the Wootbot, Agobot, Forbot, Rbot, Spybot, IRCBot, SDBot families of malware. Download   Vulnerabilities & Exploits securitytracker.com: Microsoft Internet Explorer on Windows XP Fails to Restrict Drag and Drop Operations When Configured to Disable These Operations. Read more securitytracker.com: Microsoft IE AnchorClick Behavior and HTML Help Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Ecartis May Let Certain Remote Users Gain Administrative Privileges. Read more securitytracker.com: Coppermine Lets Remote Users Vote For an Image Multiple Times. Read more securitytracker.com: Ability Mail Server Buffer Overflow in FTP STOR Command May Let Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Linux iptables Integer Underflow Lets Remote Users Crash the System. Read more securitytracker.com: Linux Kernel Privileged Instruction Error May Let Local Users Gain Root Privileges. Read more securitytracker.com: libpng png_handle_tRNS() Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: libpng Image Height Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Nortel Contivity VPN Client May Let Remote Users Hijack Sessions. Read more securitytracker.com: HP-UX stmkfont Execution With Relative Path May Yield 'bin' Group Privileges to Local Users. Read more securitytracker.com: Protector Plus Fails to Scan Files Named With MS DOS Device Names. Read more securitytracker.com: Twister Anti-TrojanVirus Fails to Scan Files Named With MS DOS Device Names. Read more securitytracker.com: AntiVir Fails to Scan Files Named With MS DOS Device Names. Read more securitytracker.com: Safari Browser Multi-Window Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Netscape Browser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: Konqueror Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Firefox Browser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: Camino Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Opera Browser Tabbed Browsing Errors Let Remote Users Spoof Sites. Read more securitytracker.com: Maxthon Browser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: Avant Browser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: Mozilla Browser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information. Read more securitytracker.com: mpg123 Buffer Overflow in getauthformURL() May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Age of Sail II Buffer Overflow in Nickname May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Abyss Web Server Bug in Processing MS-DOS Device Names Lets Remote Users Deny Service. Read more www.securiteam.com: Microsoft Windows XP Metafile (.emf) Heap Overflow (MS04-032). Read more www.securiteam.com: Privateer's Bounty: Age of Sail II Server Remote Crash. Read more www.nsfocus.com: HP-UX stmkfont Local Privilege Escalation Vulnerability. Read more www.debian.org: DSA-573-1 cupsys -- integer overflows. Read more www.debian.org: DSA-572-1 ecartis -- several vulnerabilities. Read more   News: news.zdnet.co.uk: Security holes exposed in several major browsers. Read more www.internetweek.com: Microsoft CEO: Hackers Getting Smarter. Read more www.theregister.co.uk: Viruses leap through window of opportunity. Read more news.bbc.co.uk: Brazil holds '$30m fraud hackers'. Read more www.technewsworld.com: Five Zombies Do All the World's Phishing. Read more news.zdnet.co.uk: Online protection rackets target clearing houses. Read more english.ohmynews.com: Unprotected Computers and Modems Don't Mix. Read more www.theregister.co.uk: Google finally fixes Desktop security vuln. Read more www.internetweek.com: Assessing The Security Threat Of Google's Desktop Search. Read more entmag.com: 5 Threats from the Internet. Read more www.eweek.com: Another Phishing Hole Found in Google. Read more news.zdnet.co.uk: Cyberterrorism a reality 'in two years'. Read more news.zdnet.co.uk: IM photos could turn nasty. Read more

21 October 2004 Guides, Papers, etc www.microsoft.com: Microsoft's 'Fight Spyware' Information Center. Read more tigerteam.se: Introduction to Shellcoding - How to Exploit Buffer Overflows (pdf). Read more   Vulnerabilities & Exploits securitytracker.com: Opera HTML Parsing Errors Let Remote Users Deny Service. Read more securitytracker.com: Mozilla HTML Parsing Errors Let Remote Users Deny Service. Read more securitytracker.com: Lynx HTML Parsing Errors Let Remote Users Deny Service. Read more securitytracker.com: Links HTML Parsing Errors Let Remote Users Deny Service. Read more securitytracker.com: Speedtouch USB Driver Format String Flaw May Let Local Users Execute Arbitrary Code. Read more securitytracker.com: ncompress Buffer Overflow in comprexx() May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: openSkat Game Has Unspecified Security Issues. Read more securitytracker.com: Singapore '../' Input Validation Flaw in 'thumb.php' May Disclose Files to Remote Users. Read more securitytracker.com: DokuWiki Access Control Flaws May Let Remote Users Access Functions. Read more securitytracker.com: PBLang Multiple Security Flaws May Let Remote Users Access the Application. Read more securitytracker.com: cabextract Input Validation Error Lets Remote Users Traverse the Directory and Create or Overwrite Files. Read more securitytracker.com: Gaim MSNSLP Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Netscape Web Mail 'msglist.adp' Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: AOL Web Mail 'msglist.adp' Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Sun Solaris ldap(1) with RBAC May Let Local Users Gain Root Privileges. Read more securitytracker.com: LANDesk Error Lets Remote Users Crash the Target Host. Read more securitytracker.com: Google Input Validation Bug in Custom Search Feature Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Vypress Tonecast Lets Remote Users Crash the Application. Read more securitytracker.com: Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more www.securiteam.com: Avoiding Stackguard and Other Stack Protection - Proof of Concept Code. Read more www.securiteam.com: BitchX Local Root Exploit. Read more www.ntbugtraq.com: How to Break Windows XP SP2 + Internet Explorer 6 SP2. Read more www.debian.org: DSA-571-1 libpng3 -- buffer overflows, integer overflow. Read more www.debian.org: DSA-570-1 libpng -- integer overflow. Read more   News: www.theregister.co.uk: Gates: PC will replace TV, TV will become a giant Google. Read more www.theregister.co.uk: ATMs in peril from computer worms? Read more www.theinquirer.net: Crackers could close food company. Read more www.newsfactor.com: Hacker Breaks Into UC Berkeley Computer System. Read more www.lacrossetribune.com: Authorities Probe U.C. Hacking Attack. Read more news.com.com: Google fixes security hole. Read more www.eweek.com: PC Makers Seize the Reins of XP SP2 Security. Read more wave3.com: New Scam Hard To Detect, Harder To Solve. Read more

20 October 2004 Guides, Papers, etc www.securityfocus.com: Securing Exchange With ISA Server 2004. Read more paulgraham.com: Good Bad Attitude. Read more   Vulnerabilities & Exploits securitytracker.com: Lotus Notes/Domino Square Bracket Encoding Failure Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: X Window System on HP Tru64 Lets Remote Users Gain Elevated Privileges. Read more securitytracker.com: Ansel May Disclose Photo Album Directories to Remote Users. Read more securitytracker.com: Jebuch BBCode Image Tag Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: MediaWiki Input Validation Error in 'Title.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: Powie's PSCRIPT Forum Input Validation Bugs Let Remote Users Inject SQL Commands. Read more securitytracker.com: 3Com OfficeConnect ADSL Wireless 11g Firewall Authentication Flaw May Let Remote Users Hijack Sessions and DHCP Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securiteam.com: Multiple Cross Site Scripting Vulnerabilities in FuseTalk. Read more securetarget.net: Microsoft Windows Huge Text Processing Instability. Read more www.cybertrion.com: 3D-FTP vulnerable to DoS Attack. Read more   News: www.securityfocus.com: California reports massive data breach. Read more news.com.com: Hacker strikes university computer system. Read more www.nzherald.co.nz: Aria Farm says hackers' product recall message was 'sabotage'. Read more www.ciphertrust.com: CipherTrust Proves Worldwide Phishing Attacks Originate from Fewer Than Five Zombie Network Operators. Read more www.thejakartapost.com: Expert defends alleged hacker. Read more www.techweb.com: Anti-Virus Can Be Tricked By Hackers. Read more www.pingwales.co.uk: Patch now, or be phished. Read more news.zdnet.co.uk: Symantec to launch SME firewall appliance. Read more

19 October 2004 Tools www.insecure.org: Nmap 3.75 released. Read more   Vulnerabilities & Exploits www.securiteam.com: GDI+ JPEG Exploit Mutations Can Bypass Antivirus Tests. Read more securitytracker.com: SalesLogix Grants Administrative Access to Remote Users and Permits SQL Injection and Arbitrary File Uploads. Read more securitytracker.com: Kaspersky Anti-Virus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: Sophos Anti-Virus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: RAV AntiVirus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: Eset NOD32 Anti-Virus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: CA eTrust AntiVirus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: McAfee Anti-Virus Lets Remote Users Bypass Virus Detection WIth Zero Compressed Size Header. Read more securitytracker.com: cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files. Read more securitytracker.com: YaPiG Input Validation Hole in Comments Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: GMail Drive Discloses Gmail Users Account Name and Lets Local Users Access the Gmail Account. Read more securitytracker.com: Gnofract 4D May Let Remote Users Execute Arbitrary Code. Read more pacsec.jp: Firewire/IEEE 1394 Considered Harmful to Physical Security. Read more www.securiteam.com: Libtiff Image Decoder Parsing Flaws. Read more www.securiteam.com: Remote Buffer overflow Vulnerability in YPOPs (Unix exploit). Read more www.securiteam.com: Remote Buffer overflow Vulnerability in YPOPs (Windows exploit). Read more   News: news.zdnet.co.uk: MyDoom seeks to destroy antivirus firms. Read more www.computerweekly.com: Hackers target utilities' control systems. Read more www.theregister.co.uk: 12 arrested in HK phishing scam. Read more www.theinquirer.net: Hacks in tizz over Google search facility. Read more www.crime-research.org: Cyber-terrorists, who are they? Read more

18 October 2004 Guides, Papers, etc www.eng.tau.ac.il: A Quantitative Study of Firewall Configuration Errors (pdf). Read more   Vulnerabilities & Exploits www.securityfocus.com: [IE 6 SP2] Possible URL Spoofing. Read more securitytracker.com: CoolPHP Input Validation Holes Let Local Users Execute Arbitrary Commands and Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: WeHelpBUS Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more www.securiteam.com: Monit Basic Authentication Remote Root Exploit. Read more www.securiteam.com: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability. Read more www.securiteam.com: Limited \secure\ buffer-overflow in some old Monolith games. Read more www.securiteam.com: SetWindowLong Shatter Attacks. Read more www.securiteam.com: Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS. Read more www.securiteam.com: Poisoning Cached HTTPS Documents in Internet Explorer. Read more www.securiteam.com: ProFTPD Remote Users Enumeration. Read more www.securiteam.com: BMon Relative Path Privilege Escalation. Read more www.debian.org: DSA-569-1 netkit-telnet-ssl -- invalid free(3). Read more www.securitytrap.com: Hxxp://mercylane.com/ Exploit code. Read more   News: www.oreillynet.com: Point-and-Click Phishing. Read more www.computerworld.com: Career Watch. Read more www.computerworld.com: Users buoyed by monthly patch releases. Read more

17 October 2004 New Trojans: Guides, Papers, etc www.securityfocus.com: SSH Host Key Protection. Read more   Vulnerabilities & Exploits www.securityfocus.com: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory. Read more www.debian.org: DSA-568-1 cyrus-sasl-mit -- unsanitised input. Read more securitytracker.com: ClientExec Default Installation Discloses System Configuration Information to Remote Users. Read more securitytracker.com: File Upload Manager Lets Remote Users Execute Commands on the Target System. Read more securitytracker.com: Microsoft Internet Explorer May Display the Incorrect URL When Loading a Javascript Homepage. Read more securitytracker.com: LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service. Read more securitytracker.com: Yak! Chat Directory Travesal Flaw Lets Remote Users Upload Files to Arbitrary Locations. Read more securitytracker.com: Microsoft Operating System 'asycpict.dll' Lets Remote Users Crash the System. Read more securitytracker.com: 3Com 3CRADSL72 Wireless Router Discloses Configuration Data to Remote Users. Read more securitytracker.com: MailEnable Professional IMAP SEARCH Bug May Let Remote Authenticated Users Deny Service. Read more securitytracker.com: VERITAS Cluster Server Unspecified Flaw Grants Root Access to Remote Users. Read more   News: www.pcmag.com: Spyware Today, Cookies Tomorrow. Read more news.zdnet.co.uk: Netsky variant uses compression trick. Read more news.zdnet.co.uk: Bacros virus targets hard-drive destruction. Read more news.zdnet.co.uk: Fake Jacko movie tries to recruit zombies. Read more

16 October 2004 Vulnerabilities & Exploits www.securityfocus.com: Writing Trojans that bypass Windows XP Service Pack 2 Firewall. Read more www.acrossecurity.com: Poisoning Cached HTTPS Documents in Internet Explorer. Read more www.gentoo.org: BNC: Input validation flaw. Read more securitytracker.com: LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service. Read more securitytracker.com: Yak! Chat Directory Travesal Flaw Lets Remote Users Upload Files to Arbitrary Locations. Read more securitytracker.com: Microsoft Operating System 'asycpict.dll' Lets Remote Users Crash the System. Read more securitytracker.com: 3Com 3CRADSL72 Wireless Router Discloses Configuration Data to Remote Users. Read more securitytracker.com: MailEnable Professional IMAP SEARCH Bug May Let Remote Authenticated Users Deny Service. Read more securitytracker.com: VERITAS Cluster Server Unspecified Flaw Grants Root Access to Remote Users. Read more   News: Nasa. The list contains the full name, email, phone, fax, position, building, room, and employer. FTP blogs.pcworld.com: Google Desktop Search: Security Threat? Read more news.netcraft.com: Latest IE Flaws Provide Opportunity for Phishers. Read more news.bbc.co.uk: Virus hits hospital systems. Read more www.infoworld.com: Phishing attacks may be coming from your computer. Read more www.theregister.co.uk: Four charged in landmark UK phishing case. Read more www.crime-research.org: On-line casino under cyber attacks. Read more www.theregister.co.uk: China jails four for running mucky site. Read more www.theregister.co.uk: 6m South Koreans exposed in slam and spam scam. Read more

15 October 2004 Vulnerabilities & Exploits securitytracker.com NatterChat Input Validation Hole Lets Remote Users Inject SQL Commands. Read more securitytracker.com IdealBB Multiple Input Validation Errors Permits SQL Injection, Cross-Site Scripting, and HTTP Response Splitting Attacks. Read more securitytracker.com KDocker Security Flaw Has Unspecified Impact. Read more securitytracker.com ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users. Read more securitytracker.com Pinnacle ShowCenter Input Validation Bug in 'SettingsBase.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com MediaWiki Input Validation Holes Let Remote Users Inject SQL and Conduct Cross-Site Scripting Attacks. Read more securitytracker.com Microsoft IE MSN 'heartbeat.ocx' Component Has Unspecified Flaw. Read more securitytracker.com LibTIFF Integer Overflows Let Remote Users Crash the Application. Read more securitytracker.com unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System. Read more securitytracker.com ShixxNote 6.net Buffer Overflow in Font Field Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more www.lovebug.org: FuseTalk, Multiple Cross Site Scripting Vulnerabilities. Read more www.debian.org: DSA-566-1 cupsys -- unsanitised input. Read more   News: www.theregister.co.uk: Undead IE bug rises from grave. Read more www.theregister.co.uk: 90s retro virus spreads over physical media. Read more www.cio-today.com: PayPal Overcomes Glitches. Read more www.theregister.co.uk: How to kill a website with one email. Read more www.zdnet.com.au: Unearthing the origins of Firefox. Read more

14 October 2004 Guides, Papers, etc www.giac.org: Worm Analysis - Microsoft LSASS Buffer Overflow from Exploit to Worm (pdf). Read more www.giac.org: Using the oc192-Dcom.c Exploit to Accomplish Revenge. Read more   Vulnerabilities & Exploits www.securiteam.com: Writing Trojans that Bypass Windows XP Service Pack 2 Firewall. Read more www.securiteam.com: MySQL MaxDB Web Agent WebDBM Server Name DoS. Read more www.debian.org: DSA-565-1 sox -- buffer overflow. Read more www.debian.org: DSA-564-1 mpg123 -- missing user input sanitising. Read more securitytracker.com: SCT Campus Pipeline Input Validation Error in 'render.UserLayoutRootNode.uP' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: FuseTalk Input Validation Hole in IMG Tag Permits Cross-Site Scripting Attacks. Read more securitytracker.com: FuseTalk Input Validation Holes Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Sun JRE XSLT Processor Error Lets Remote Applets Gain Elevated Privileges. Read more securitytracker.com: Blackberry Operating System Has Buffer Overflow in Processing Calendar Data that Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: ocPortal index.php Include File Error Lets Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Adobe Acrobat Embedded Flash Capability Lets Remote Users Access Files on the Target User's System. Read more securitytracker.com: Microsoft Windows Shell Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Program Group Converter Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Various Operating System Flaws Lets Remote Users Execute Code and Local Users Gain Elevated Privileges or Deny Service. Read more securitytracker.com: Microsoft IE Plug-in Navigation Flaw Lets Remote Users Spoof URLs in the Addresses Bar. Read more securitytracker.com: Microsoft IE Double Byte Parsing Flaw Lets Remote Users Spoof URLs in the Addresses Bar. Read more securitytracker.com: Microsoft IE SSL Caching Flaw Lets Remote Users Run Scripting Code in the Context of Arbitrary Secure Sites. Read more securitytracker.com: Microsoft IE Buffer Overflow in Install Engine Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft IE Buffer Overflow in Processing Cascading Style Sheets Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Windows Buffer Overflow in Processing Compressed Folders Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft SMTP Service Buffer Overflow in Processing DNS Responses May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Excel Unspecified Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft NetDDE Buffer Overflow Lets Remote Users Execute Arbitrary Code With System Privileges. Read more securitytracker.com: Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service. Read more securitytracker.com: Microsoft NT RPC Runtime Library Buffer Overflow Lets Remote Users Deny Service. Read more securitytracker.com: Microsoft NNTP Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges. Read more securitytracker.com: Micronet SP916BM Wireless Router Lets Physically Local Users Reset the Password. Read more   News: www.theregister.co.uk: Seven critical in MS October patch batch. Read more www.crime-research.org: Phishing costs $20 000 000 for Russian businesses. Read more news.zdnet.co.uk: Phishing growing exponentially. Read more www.computerworld.com: Security highlights from around the Web. Read more

13 October 2004 Vulnerabilities & Exploits GreyMagic Security Advisory GM#009-IE Topic: Accessing remote/local content in IE. Read more www.coresecurity.com: IIS NNTP Service XPAT Command Vulnerabilities. Read more Internet Security Systems Protection Alert Multiple Vulnerabilities in Microsoft Products � October 2004. Read more Core Security Technologies Advisory IIS NNTP Service XPAT Command Vulnerabilities. Read more www.debian.org: DSA-563-1 cyrus-sasl -- unsanitised input. Read more securitytracker.com: Windows 2003 Default ACL Permissions on the Firewall Service Lets Any Users Stop the Service. Read more securitytracker.com: Microsoft Cabarc Directory Traversal Flaw Lets Remote Users Create/Overwrite Files on the Target System. Read more securitytracker.com: asn1c Processing Flaws Have Unspecified Impact. Read more securitytracker.com: IceWarp Web Mail Has Cross-Site Scripting Flaws and an Unspecified 'view.html' Vulnerability. Read more securitytracker.com: Macromedia ColdFusion Provides Default Access to CFOBJECT Tag and CreateObject Function. Read more securitytracker.com: Squid SNMP Parsing Error Lets Remote Users Restart the Proxy Server. Read more securitytracker.com: renattach '--pipe' Input Validation Method Has Unspecified Impact. Read more securitytracker.com: Zanfi CMS Lite Include File Error Lets Remote Users Execute Arbitrary Commands. Read more   News: Microsoft Security Bulletin MS04-029 Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350). Read more Microsoft Security Bulletin MS04-030 Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151). Read more Microsoft Security Bulletin MS04-031 Vulnerability in NetDDE Could Allow Remote Code Execution (841533). Read more Microsoft Security Bulletin MS04-032 Security Update for Microsoft Windows (840987). Read more Microsoft Security Bulletin MS04-033 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836). Read more Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376). Read more Microsoft Security Bulletin MS04-035 Vulnerability in SMTP Could Allow Remote Code Execution (885881). Read more Microsoft Security Bulletin MS04-036 Vulnerability in NNTP Could Allow Remote Code Execution (883935). Read more Microsoft Security Bulletin MS04-037 Vulnerability in Windows Shell Could Allow Remote Code Execution (841356). Read more news.zdnet.co.uk: 22 new Microsoft security holes revealed. Read more www.net-security.org: So Many Worms, So Little Time. Read more www.theregister.co.uk: Beckham + strumpet pic actually Trojan. Read more www.theregister.co.uk: PayPal hit by coding glitch. Read more www.theregister.co.uk: Teen eBay fraudster pleads guilty to �45k scam. Read more www.crime-research.org: Korean Cyber Crime Unit Trains Foreign Experts. Read more

12 October 2004 Guides, Papers, etc www.airscanner.com: Close Encounters of the Hacker Kind: A Story from the Front Lines. (pdf) Read more www.airscanner.com: Raw Sockets Revisited: The day the Internet died. (pdf) Read more www.informit.com: Reverse-Engineering the First Pocket PC Trojan, Part 1. Read more www.informit.com: Reverse-Engineering the First Pocket PC Trojan, Part 2. Read more   Vulnerabilities & Exploits www.securitytracker.com: Zanfi CMS Lite Include File Error Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: unarj Input Validation Bug May Let Remote Users Create/Overwrite Files on the Target User's System. Read more www.securitytracker.com: Turbo Traffic Trader Lack of Input Validation Permits Remote SQL Injection and Cross-Site Scripting Attacks. Read more www.securitytracker.com: MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System. Read more www.securitytracker.com: CJOverkill Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Monolith Games Have Buffer Overflow in '/secure/' Command That Lets Remote Users Crash the Game. Read more www.securitytracker.com: gettext Unsafe Temporary Files May Let Local Users Delete Files. Read more www.securitytracker.com: DUclassmate Authentication Flaw Lets Remote Users Change the Passwords of Other Users. Read more www.securitytracker.com: DUclassified Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: DUforum Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: WordPress Input Validation Holes Permit Response Splitting Attacks. Read more www.debian.org: DSA-562-1 mysql -- several vulnerabilities. Read more www.debian.org: DSA-561-1 xfree86 -- integer and stack overflows. Read more   News: www.crime-research.org: Mass raid upon hackers in Russia. Read more www.theregister.co.uk: US gov targets spyware outfit. Read more www.eweek.com: New Worm Attacks MSN Messenger As Service Falters. Read more news.xinhuanet.com: "Funny" worm does not amuse. Read more www.wired.com: U.S. Spies on Chat Rooms. Read more www.computerweekly.com: Instant messaging and file sharing climb league table of Windows security dangers. Read more www.theregister.co.uk: Parents must do more to protect kids online. Read more

11 October 2004 Guides, Papers, etc www.pcworld.com: Biography of a Worm. Read more   Vulnerabilities & Exploits www.securitytracker.com: BNC Input Validation Flaw in Processing Backspace Characters Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: Rippy the Aggregator Relies on Unsafe PHP Configuration Settings. Read more www.securitytracker.com: Sticker Secure Messaging Error Lets Remote Users Post to Private Groups. Read more   News: australianit.news.com.au: China awash with viruses. Read more www.crime-research.org: North Korea has a special military squad of hacker-experts. Read more itvibe.com: 60% of office computers infected by a virus. Read more seattletimes.nwsource.com: Phishing fraud learns to hook bigger catches. Read more

10 October 2004 Guides, Papers, etc www.remote-exploit.org: Generic security problems with online games and applications. Read more www.spirit.com: AN EXPERIMENT IN FORENSICS REVEALS ATTACKERS' TECHNIQUES. Read more www.cs.rochester.edu: XDCC � An .EDU Admin�s Nightmare. Read more   Vulnerabilities & Exploits www.guninski.com: Yet another IE aperture Advisory and demonstration. Read more www.sans.org: The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus. Read more www.debian.org: DSA-560-1 lesstif1-1 -- integer and stack overflows. Read more   News: www.theregister.co.uk: Netherlands deports more 419ers. Read more www.journalstar.com: Protect yourself from account fraud online. Read more www.chinatechnews.com: Chinese Authorities Apprehend Online Bank Robber. Read more

09 October 2004 Guides, Papers, etc www.securityfocus.com: Defeating Honeypots: Network Issues, Part 2. Read more   Vulnerabilities & Exploits www.securitytracker.com: RealNetworks Helix Universal Server Can Be Disabled With Cetain POST Request Content-Length Value. Read more www.securitytracker.com: Flash Messaging System Input Validation Flaw Lets Remote Users Crash the Service. Read more   News: www.securityfocus.com: Fueling the Fire. Read more www.theregister.co.uk: Word open to exploit. Read more

08 October 2004 Vulnerabilities & Exploits www.guninski.com: Yet another IE aperture. Read more www.securitytracker.com: Cyrus SASL SASL_PATH Environment Variable May Let Local Users Gain Elevated Privileges and Buffer Overflow May Permit Remote Code Execution. Read more www.securitytracker.com: Microsoft Word Parsing Flaw May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Internet Explorer Lets Remote Users Access XML Documents. Read more www.securitytracker.com: IBM DB2 Has Numerous Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: online-bookmarks Lets Remote Users Access Restricted Scripts. Read more   News: www.techweb.com: Malicious Trojan Pretends To Be Good. Read more news.zdnet.com: Microsoft delays IM beta over security concerns. Read more www.cio-today.com: Google Print: New Battle in the Search-Engine Wars. Read more

07 October 2004 Tools www.securiteam.com: Fakebust - Fake Exploit Code Detector. Read more   Guides, Papers, etc The Phishing Guide www.nextgenss.com: Understanding & Preventing Phishing Attacks. Read more   Vulnerabilities & Exploits www.securitytracker.com: AtHoc Toolbar Buffer Overflow and Format String Bugs Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: TriDComm '../' Input Validation Bug Lets Remote Users Read and Write Files. Read more www.securitytracker.com: Juniper NetScreen IVE Lets Remote Users Conduct Brute-Force Password Guessing Attacks. Read more www.securitytracker.com: BlackBoard Internet Newsboard System Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more www.macromedia.com: MPSB04-07 - Macromedia Products Not Affected by Microsoft JPEG/GDIPlus Vulnerability. Read more www.securiteam.com: JpegOfDeath - an Advanced JPEG (GDI+) Exploit. Read more www.securiteam.com: ColdFusion MX 6.1 on IIS File Contents Disclosure. Read more www.debian.org: DSA-600-1 samba -- arbitrary file access. Read more www.debian.org: DSA-559-1 net-acct -- insecure temporary file. Read more www.debian.org: DSA-558-1 libapache-mod-dav -- null pointer dereference. Read more   News: www.channelnewsasia.com: North Korea ready to launch cyber war: report. Read more www.theregister.co.uk: Virus writers seek cash from chaos. Read more www.crime-research.org: Hacker attempted to steal $ 1'000'000 from account of Custom House. Read more www.startribune.com: A picture worth a thousand worms. Read more

06 October 2004 Tools www.sharp-ideas.net: Using python and AOL IM to create nmap bot. Read more   Vulnerabilities & Exploits www.securitytracker.com: Symantec Norton Anti-Virus Fails to Scan Files Named With MS DOS Device Names. Read more www.securitytracker.com: BugPort File Attachment Flaw Has Unspecified Impact. Read more www.securitytracker.com: My Blog Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: NetworkActiv Web Server Lets Remote Users Deny Service. Read more www.securitytracker.com: Real Estate Management Software Discloses 'site.xml' Configuration File to Remote Users. Read more www.securiteam.com: Default Username/Password Pairs in ON Command CCM 5.x Database Backend. Read more www.securiteam.com: Inkra 1504GX IP Protocol Parsing DoS. Read more www.securiteam.com: RhinoSoft DNS4ME HTTP Server DoS and CSS. Read more www.securiteam.com: NetworkActiv Web Server DoS. Read more www.securiteam.com: Sudo -u Parameter File Exposure. Read more www.securiteam.com: MySQLguest Arbitrary Code Injection. Read more   News: www.theregister.co.uk: Click here to become infected (Part 2). Read more www.japantoday.com: N Korea has up to 600 hackers to gather military information. Read more www.idc.com: Viruses, Worms, and Spam Fuel Security Software Market in the Gulf States in 2003, Says IDC. Read more

05 October 2004 Tools www.remote-exploit.org: Hotspotter - a Wireless Honeypot. Read more   Vulnerabilities & Exploits www.securiteam.com: RealPlayer pnen3260.dll Heap Overflow. Read more www.securiteam.com: Znif PLS Buffer Overflow. Read more www.securiteam.com: Macromedia JRun4 mod_jrun Apache Module Buffer Overflow. Read more www.securiteam.com: Xerces-C++ Library Attribute Parsing Denial Of Service. Read more www.securiteam.com: Microsoft SQL Server DoS. Read more www.securiteam.com: ICECast Remote Code Execution. Read more www.securiteam.com: Judge Dredd Vs. Death Format String Vulnerability. Read more www.securiteam.com: dbPowerAmp Buffer Overflow and DoS Vulnerabilities. Read more www.securiteam.com: Samba Arbitrary File Access Vulnerability. Read more www.securiteam.com: EPM Buffer Overflow (retlibc exploit). Read more   News: www.theregister.co.uk: WorldPay struggles under DDoS attack (again). Read more www.lsureveille.com: Citibank e-mail an information hoax. Read more

04 October 2004 Vulnerabilities & Exploits www.securitytracker.com: ColdFusion MX Lets Remote Authenticated Users Run Privileged Scripts. Read more www.debian.org: DSA-556-1 netkit-telnet -- invalid free(3). Read more   News: www.pcwelt.de: PC-WELT discovers and fixes serious security issue in Windows XP SP2. Read more www.pcworld.com: IM Worm Crawls Through JPEG Hole. Read more www.pcworld.com: Security Flaws Found in RealPlayer. Read more www.pcworld.com: WinZip Warns of Security Flaws. Read more www.pcworld.com: Two Words from Bill Gates: Computer Science. Read more nwc.securitypipeline.com: Energy Department Hacked Nearly 200 Times In Last Year. Read more www.prnewswire.com: CA Delivers Industry's First Virus Protection Solution For Microsoft Windows XP Embedded With eTrust Antivirus. Read more www.theinquirer.net: US users know more about boobs than viruses. Read more

03 October 2004 Vulnerabilities & Exploits www.geocities.com/visitbipin: Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bug. Read more   News: www.pcwelt.de: PC-WELT discovers and fixes serious security issue in Windows XP SP2. Read more www.pcworld.com: IM Worm Crawls Through JPEG Hole. Read more

02 October 2004 Vulnerabilities & Exploits www.securitytracker.com: Silent Storm Portal Input Validation Errors Let Remote Users Gain Administrative Privileges and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Samba DOS Path Conversion Flaw Discloses Files to Remote Users. Read more www.securitytracker.com: W-Agora Input Validation Holes in 'redir_url' and Other Scripts Permit SQL Injection, Cross-Site Scripting, and Response Splitting Attacks. Read more www.securiteam.com: Analysis of Real Network's RealServer Remote Root Exploit. Read more www.maxpatrol.com: Cross Site Scripting in Invision Power Board. Read more www.servers.co.nz: SQL Injection vulnerability in bBlog 0.7.3. Read more www.gulftech.org: dbPowerAmp Buffer Overflow And DoS Vulnerabilities. Read more   News: www.theregister.co.uk: McAfee in BitDefender virus slur spat. Read more news.zdnet.com: Gates: Microsoft to offer anti-spyware. Read more news.zdnet.com: Viral movies possible with RealPlayer flaw. Read more news.zdnet.com: Zombie armies behind cyberscrime sprees. Read more

01 October 2004 Tools www.windowsitpro.com: Update: New Tools Help with JPEG GDI+ Updates. Read more   Guides, Papers, etc www.windowsitpro.com: Snort Rules to Detect JPEG GDI+ Exploits. Read more   Vulnerabilities & Exploits www.securitytracker.com: aspWebCalendar Discloses Whether Account Names Exist to Remote Users. Read more www.securitytracker.com: MyWebServer Grants Administrative Access and Discloses Files to Remote Users. Read more www.securitytracker.com: Freenet6 on Debian Linux Discloses Tunnel Broker Password to Local Users. Read more www.securitytracker.com: Alpha Black Zero: Intrepid Protocol Game Server Can Be Crashed By Remote Users. Read more www.maxpatrol.com: Multiple SQL-Injection and XSS Vulnerabilities in AliveSites Forum 2.0. Read more www.debian.org: DSA-555-1 freenet6 -- wrong file permissions. Read more   News: www.windowsitpro.com: True to the Image: JPEG Exploits on the Loose. Read more www.windowsitpro.com: More JPEG GDI+ Exploits. Read more www.theregister.co.uk: Microsoft FAT patent rejected. Read more www.theregister.co.uk: US phishing losses hit $500m. Read more networks.silicon.com: �Wardriving� spam conviction exposes Wi-Fi security. Read more

Copyright� MegaSecurity.org