Home    News Archive    Translate Traducen

News October 2006

31 October 2006 Guides, Papers, etc download.microsoft.com: The Risks of Obtaining and Using Pirated Software. Read more www.mcafee.com: AIM FOR BOT COORDINATION. Read more www.eweek.com: When in Rome ... Read more www.eweek.com: Smart Solutions to ID and Privacy. Read more taosecurity.blogspot.com: Response to Daily Dave Thread. Read more isc.sans.org: ToD - Configuration Management - maintaining security awareness. Read more techdirt.com: One Way To Get Around Iranian Broadband Ban: Ask Your ISP For Higher Speeds. Read more arstechnica.com: Vista's hardware tolerance: one significant change before support remediation. Read more www.darkreading.com: The Vista-Forefront Security Two-Step. Read more blogs.ittoolbox.com: Audio: SecurityMonkey Podcast #15. Listen   Vulnerabilities & Exploits secunia.com: Multiple Browsers Window Injection Vulnerability Test. Read more securitytracker.com: foresite CMS Input Validation Hole in 'query' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Microsoft NAT Helper 'ipnathlp.dll' Lets Remote Users Deny Service. Read more securitytracker.com: Sophos Anti-Virus Bugs in Processing Petite Archives, RAR Archives, and CHM Files Let Remote Users Deny Service. Read more securitytracker.com: PunBB Input Validation Flaws Let Remote Users Inject SQL Commands and Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: iG Shop Input Validation Hole in 'change_pass.php' Permits Cross-Site Scripting Attacks. Read more   Tools: metasploit.com: Metasploit Framework 2.7 Released. Read more   News www.wsbtv.com: Social Security Numbers Posted Online. Read more blogs.abcnews.com: Hackers Penetrate Water System Computers. Read more www.theregister.co.uk: Ohio child hospital hack exposes 230,000 files. Read more arstechnica.com: Google actively aiding intelligence agencies? Read more www.pcadvisor.co.uk: Tricky malware sidesteps Windows security. Read more www.pcadvisor.co.uk: Attack disables Windows XP Firewall. Read more www.infoworld.com: Windows XP SP3 suffers uncertain future. Read more www.securityfocus.com: FBI raids home of boarding-pass creator. Read more www.terra.net.lb: China's lawmakers consider banning children from Internet cafes. Read more www.darkreading.com: Criminals in the Call Center? Read more www.darkreading.com: MySpace Under Siege. Read more news.com.com: Seagate bakes security into hard-disk drive. Read more

. 30 October 2006 Guides, Papers, etc www.sans.org: SANS Amsterdam 2006. Read more isc.sans.org: Remote DoS released targets Windows Firewall/Internet Connection Sharing (ICS) service component (NEW). Read more blogs.securiteam.com: RFIDIOt released RFID E-passport skimming PoC. Read more blogs.securiteam.com: e360 vs. Spamhaus via Tucows (round #3). Read more blogs.securiteam.com: Anecdotal story about myself, worm writing and Emergent behavior in Worms. Read more www.pcworld.idg.com.au: Visiting Vista RC2, part two. Read more www.microsoft.com: The risks of obtaining and using pirated software. Read more www.suntimes.co.za: Stay one step ahead of online banking skelms. Read more www.informationweek.com: Anatomy Of A Phishing Scam. Read more www.newsfactor.com: Internet Explorer 7: A Strong Contender. Read more www.videosift.com: Video: The Real Hustle - Keylogging. Watch listvine.com: 9 Reasons Not to Upgrade to Firefox 2.0. Read more blogs.ittoolbox.com: Get Hired In Security: Today! Read more blogs.authentium.com: What is antivirus software? Read more www.informit.com: The Future of CPUs: What's After Multi-Core? Read more   Tools: hexblog.com: Loop colorizer. Read more fileforum.betanews.com: WinPcap 4.0 Beta 2. Read more   News www.itweek.co.uk: Million-PC botnet threatens consumers. Read more www.denverpost.com: Scammers find new ways to reach inbox. Read more www.registerguard.com: Online stock accounts being hit by hackers. Read more www.abs-cbnnews.com: China considers banning children from Internet cafes. Read more www.floridatoday.com: Fraud a click away on Web. Read more thestar.com.my: 2010 World Cup jackpot spin to Nigerian Internet scam. Read more www.internetnews.com: Convicted Pedophile Looking at 15 Years. Read more www.zdnet.com.au: Aussie anti-porn Net filter gets closer. Read more techdirt.com: Yet Another Company Suing Google Because Its Ranking Sucks. Read more www.latimes.com: Why pick on Internet gambling? Read more

. 28 October 2006 Guides, Papers, etc www.securityfocus.com: Surprises Inside Microsoft Vista's EULA. Read more www.f-secure.com: Reselling domain names...for phishing gangs. Read more isc.sans.org: ADODB.connection Vuln. Read more www.theregister.co.uk: Acer: Vista Home Basic is a lemon. Read more blogs.authentium.com: Some More Perspective on Patchguard. Read more blogs.securiteam.com: RFIDIOt released RFID E-passport skimming PoC. Read more www.vnunet.com: Norman conquest of malware rolls out sandboxes. Read more www.dfrws.org: Searching for processes and threads in Microsoft Windows memory dumps. Read more www.cs.nps.navy.mil: Software Decoys: Intrusion Detection and Countermeasures. Read more www.passivemode.net: RFID Credit Card Vulnerabilities. Read more www.darkreading.com: Don't Blame the Browser. Read more www.esecurityplanet.com: The Jealous Trojan. Read more   Vulnerabilities & Exploits securitytracker.com: Wireshark (Ethereal) Bugs in HTTP, LDAP, XOT, WBXML, and MIME Multipart Dissectors Let Remote Users Deny Service. Read more securitytracker.com: 3Com SuperStack 3 Switch Discloses SNMP Community String to Remote Users. Read more securitytracker.com: Microsoft Internet Explorer 'ADODB.Connection' Execute Function Lets Remote Users Execute Arbitrary Code. Read more   Tools: computer.forensikblog.de: PoolFinder conducts a brute-force scan of a Windows memory dump or page file (pagefile.sys) and attempts to identify pool allocations. Read more   News www.securityfocus.com: Bot nets likely behind jump in spam. Read more www.theregister.co.uk: Anti-scam website hit by DDOS attacks. Read more www.theregister.co.uk: Is Google legal? Read more www.theregister.co.uk: Bug causes another delay to Vista. Read more mashable.com: MySpace Phishing Attack Appears on 3000 Pages. Read more www.theregister.co.uk: Australian spammer fined A$5.5m. Read more www.theregister.co.uk: Hacker hijinks impinge on US mid-term elections. Read more www.marketwatch.com: Caution urged as online stock scams multiply. Read more arstechnica.com: Security company claims Vista's PatchGuard cracked. Read more www.technewsworld.com: Web Mail in the Workplace: Another Security Threat. Read more blog.wired.com: Congressman Ed Markey Wants Security Researcher Arrested. Read more abcnews.go.com: Web Site Lets Anyone Create Fake Boarding Passes. Read more

. 27 October 2006 Guides, Papers, etc www.eweek.com: Rutkowska: Anti-Virus Software Is Ineffective. Read more blogs.securiteam.com: e360 vs. Spamhaus via Tucows (round #3). Read more blogs.securiteam.com: Anecdotal story about myself, worm writing and Emergent behavior in Worms. Read more blogs.securiteam.com: The real story behind BT buying Counterpane! Read more www.siliconvalleysleuth.com: Adware purveyors wage mob war. Read more isc.sans.org: Are you sure you're as prepared as you think you are? Read more www.freedom-to-tinker.com: Why So Little Attention to Botnets? Read more www.windowsitpro.com: The Onion Router Downside. Read more www.darkreading.com: A Public Snort. Read more www.computerworld.com: 'Less than zero-day' threats too often overlooked, analysts warn. Read more www.technewsworld.com: Going Wireless on Campus. Read more www.hesterpc.com: 10 Steps to More Secure Wireless. Read more www.mcs.vuw.ac.nz: Testing client honeypots with Metasploit Framework 3. Read more www.itnews.com.au: Human factor essential for IT security. Read more www.infoworld.com: How not to stop a virus attack. Read more www.podtrac.com: Audio: Security Now 63: MojoPac - sponsored by Astaro Corp. Listen www.tllts.org: Audio: The Linux Link Tech Show Episode 164. Special Guest: Patrick Volkerding - Slackware. Linc's Laptop woes and the Nokia 770, Tuxpaint 0.9.16, Firefox 2.0, Linc's Book Reviews. Listen   Vulnerabilities & Exploits securitytracker.com: Microsoft Internet Explorer Lets Remote Users Partially Spoof Address Bar URLs. Read more securitytracker.com: AOL Buffer Overflows in AddPictureNoAlbum and downloadFileDirectory ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more   Tools: siteadminstuff.com: Site Admin Stuff. Read more www.dubfire.net: The Northwest Airlines Boarding Pass Generator. Read more   News www.securityfocus.com: Brokerages lose $22M to hackers in three months. Read more www.theregister.co.uk: IE7 spoofing bug pops up. Read more www.pcworld.com: If You Dislike Microsoft's Windows Antipiracy Checks, Look Out. Read more www.eweek.com: Microsoft Decries Vista PatchGuard Hack. Read more www.eweek.com: Wi-Fi Exploits Coming to Metasploit. Read more torrentfreak.com: BitTorrent Site Admin Sent to Prison. Read more www.zdnet.com.au: Linux guru warns on security of open-source. Read more news.com.com: Did worm infect Alaska candidates' site? Read more www.smh.com.au: Google 'harbouring racists'. Read more

. 26 October 2006 Guides, Papers, etc sla.ckers.org: XSS Fragmentation Attacks + MySpace 0day. Read more www.securityfocus.com: Viruses, Phishing, and Trojans For Profit. Read more www.viruslist.com: Spam, viruses, and Putin's death. Read more fergdawg.blogspot.com: Trick or Treat: Hallowe'en Malware Websites Abound. Read more www.avertlabs.com: W32/Stration - Not This Kid Again!? Read more www.eweek.com: Is It Really Too Late to Beat Bots? Read more www.viruslist.com: Computers, Networks and Theft. Read more blog.ncircle.com: CWSandbox Review. Read more blog.washingtonpost.com: ZoneAlarm's New Auto-Updater Prompts Confusion. Read more blogs.securiteam.com: 5 minutes of glory. Read more maxpatrol.com: Web-style Wireless IDS attacks. Read more www.mcs.vuw.ac.nz: Testing client honeypots with Metasploit Framework 3. Read more www.darkreading.com: Month of Kernel Bugs to Come. Read more www.antiphishing.org: The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond. Read more news10now.com: One of history's most notorious thieves has tips on preventing ID theft. Read more   Vulnerabilities & Exploits securitytracker.com: Winamp Buffer Overflow in Parsing Ultravox Lyrics3 Tags Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Winamp Buffer Overflow in Processing the 'ultravox-max-msg' Header Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Cisco Security Agent for Linux Lets Remote Users Deny Service By Conducting Port Scans. Read more securitytracker.com: InteliEditor Include File Flaw in 'lib.editor.inc.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: WikiNi Input Validation Holes in 'name' and 'email' Parameters Permit Cross-Site Scripting Attacks. Read more securitytracker.com: PostgreSQL Processing Bugs Let Remote Authenticated Users Deny Service. Read more securitytracker.com: QK SMTP Server 'RCPT TO' Command Lets Remote Users Deny Service. Read more securitytracker.com: Sun Java System/iPlanet Messaging Server Webmail Interface Lets Remote Users Execute Javascript on the Target User's System. Read more securitytracker.com: RMSOFT Gallery System Input Validation Hole in 'rmgs/images.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Trawler Web CMS Include File Bug in 'path_red2' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: CruiseWorks 'cws.exe' Input Validation Errors Let Remote Users Traverse the Directory or Execute Arbitrary Code. Read more   Tools: www.net-security.org: Permission Analyzer for Microsft Windows released. Read more   News www.securityfocus.com: Man arrested for bot net, Akamai attack. Read more www.theregister.co.uk: Verisign backs Vista security green streak. Read more news.zdnet.com: Spoofing bug found in IE 7. Read more www.techworld.com: The world's most sophisticated Trojan uncovered. Read more

. 25 October 2006 Guides, Papers, etc blogs.securiteam.com: Real life uses for vulnerabilities: [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far). Read more blogs.securiteam.com: Vulnerability automation and Botnet �solutions� I expect to see this year. Read more blogs.securiteam.com: Re-branding IPS as an anti botnet tool. Read more blogs.securiteam.com: Firefox 2.0 with phishing detection arrived. Read more www.viruslist.com: The IM worms armada. Read more blogs.msdn.com: How hard is it to get a hot fix from Microsoft? It's not easy online. Read more ddanchev.blogspot.com: Detecting Malware Time Bombs with Virtual Machines. Read more www.darkreading.com: Mutating Email Bugs Swarm. Read more www.microsoft.com: Microsoft Security Intelligence Report. An in-depth perspective of trends in the malicious and potentially unwanted software landscape in the first half of 2006. Read more www.mcafee.com: Killing Botnets. A view from the trenches. Read more www.browserden.co.uk: A Week With IE7. Read more www.haklabs.com: Bypass WGA in Style. Read more www.newscientisttech.com: Attack of the quantum worms. Read more   Vulnerabilities & Exploits securitytracker.com: Symantec Client Security SAVRT.SYS Device Driver Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Symantec Anti Virus Corporate Edition SAVRT.SYS Device Driver Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more   Tools: sistk.sourceforge.net: The SIS analysis toolkit. Read more   News www.infoworld.com: UK police count 8,500 victims in data theft. Read more www.itnews.com.au: Organised crime steals millions from online brokers. Read more abcnews.go.com: Chicago Voter Database Hacked. Read more www.securityfocus.com: Researchers warn over RFID credit cards. Read more www.theregister.co.uk: Vista kernel fix 'worse than useless'. Read more www.regdeveloper.co.uk: Microsoft in 64-bit Vista lockdown. Read more security.ithub.com: Security Vendor Bypasses Microsoft's Vista PatchGuard. Read more sunbeltblog.blogspot.com: Will PatchGuard be Vista's Maginot Line? Read more www.theregister.co.uk: Florida 'botmaster' charged with Akamai DDOS attack. Read more www.btplc.com: BT acquires Counterpane Internet Security. Read more nationaljournal.com: Terrorist Profiling, Version 2.0. Read more www.nytimes.com: At U.S. Borders, Laptops Have No Right to Privacy. Read more www.theregister.co.uk: Playboy gambler says Feds can't stop his online empire. Read more today.reuters.com: Hacker unlocks Apple music download protection. Read more www.theregister.co.uk: US publishers say Child Online Protection Act should be struck down. Read more www.theage.com.au: Improved security for new Firefox browser. Read more www.eweek.com: FBI: Companies Need to Report Cyber Attacks. Read more www.pcworld.idg.com.au: Excuses on iPod virus not credible. Read more blogs.pcworld.com: Hidden Costs of Vista Upgrade Coupon. Read more www.avertlabs.com: Image Spam still increasing. Read more

. 24 October 2006 Guides, Papers, etc www.usatoday.com: Cybercrime flourishes in online hacker forums. Read more blog.wired.com: GOING ONLINE IN CUBA : Internet under surveillance. Read more blogs.securiteam.com: More on Joanna Rutkowska Blue Pill and the New Vista. Read more blogs.zdnet.com: Controlling the kernel - It�s all about DRM. Read more isc.sans.org: Update: Malware Analysis: Tools of the Trade (NEW). Read more www.avertlabs.com: Bots and botting�. A Lost Cause? Read more www.darkreading.com: JavaScript Malware Strikes Firewalls. Read more blogs.securiteam.com: Money Mule Recruitment Over IM. Read more www.fortinet.com: Fortinet Continues to Protect Against Stration Threat. Read more www.heise-security.co.uk: You can't Bank on Security. Testing of UK bank pages reveals possible vulnerabilities. Read more s3g.i2r.a-star.edu.sg: Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation. Read more www.oreillynet.com: Dear McAfee, Thanks For the Spam, But....Read more blogs.zdnet.com: Scary malware tricks part 1. Read more arstechnica.com: Microsoft's antivirus battles: not Netscape part II. Read more www.ehomeupgrade.com: The Real Hustle: Wireless Access Point Vulnerability Video. Watch   Vulnerabilities & Exploits securitytracker.com: Virtual Law Office Include File Bug in 'phpc_root_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: AROUNDMe Include File Flaw in 'templatePath' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: SchoolAlumni Portal Input Validation Hole Permits Cross-Site Scripting Attacks and Include File Bug Lets Remote Users Execute Local PHP Code. Read more securitytracker.com: Novell eDirectory NCP Over IP and evtFilteredMonitorEventsRequest() Overflows Let Remote Users Execute Arbitrary Code. Read more   Tools: www.cbronline.com: eEye plans antivirus and free firewall. Read more today.reuters.co.uk: Google lets Web sites tailor search to user tastes. Read more   News www.securityfocus.com: Critics concerned over Vista security changes. Read more news.zdnet.co.uk: Microsoft vs McAfee turns nasty. Read more www.sophos.com: Symantec and McAfee should have prepared better for Microsoft Windows Vista - Sophos comment. Read more blogs.msdn.com: IE7 Hits the Street. Read more www.chicagotribune.com: Vista secures new enemies. Read more news.zdnet.com: China moves toward 'real name system' for blogs. Read more www.itpro.co.uk: Online crime more profitable than drugs. Read more www.securitypark.co.uk: Hackers can also infiltrate production line networks. Read more www.sun-sentinel.com: Online brokerages hit for millions by hackers. Read more www.theregister.co.uk: SpamThru Trojan bundles own virus scanner. Read more www.theage.com.au: The name is Google. So sue us. Read more sunbeltblog.blogspot.com: Microsoft targets WebRoot. Read more

. 23 October 2006 Guides, Papers, etc theinvisiblethings.blogspot.com: Vista RC2 vs. pagefile attack (and some thoughts about Patch Guard). Read more cnet.com.au: The Netscaping of Symantec and McAfee. Read more www.avertlabs.com: MMORPG-Gold-Farming and Password-Stealers. Read more smartbro.blogspot.com: How To Install IE7 without the Genuine Validation. Read more www.it-observer.com: Malicious Code Injection: Not Just for SQL. Read more www.securityfocus.com: Researcher attempts to shed light on security troll. Read more www.passivemode.net: n3td3v True Identity Finally Discovered? Read more www.informationweek.com: Q&A: Why Metasploit Publishes Hacker Tools. Read more www.eweek.com: Registrar Protocol Change Could Bring More Security to Domains. Read more www.technewsworld.com: The Changing Faces of Internet Security Threats, Part 2. Read more www.windowsnetworking.com: Networking Basics: Part 2 - Routers. Read more www.windowsnetworking.com: Networking Basics: Part 3 - DNS Servers. Read more www.eoncall.com: Audio: Security with Dana Epp. Listen podcast.dslextreme.com: Audio: KFI Tech Guy 294. Read more   Tools: www.activeworx.org: IDS Policy Manager v2.0.0.4 Beta Released. Read more   News australianit.news.com.au: MS vague on Vista security. Read more www.computerworld.com: Diebold source code leaked again. Read more www.infoworld.com: On heels of IE 7, Mozilla readies Firefox 2.0. Read more www.twincities.com: The browser race is speeding up. Read more www.washingtonpost.com: 'Click Fraud' Threatens Foundation of Web Ads. Read more edition.cnn.com: Security analysts: Mac attacks rare but may rise. Read more www.itnews.com.au: IAA, Sophos launch security awareness campaigns. Read more www.technewsworld.com: Buyer Beware When Shopping Online. Read more

. 21 October 2006 Guides, Papers, etc blogs.securiteam.com: Domain hijackers found EU Presidency and Summit .com domains. Read more blogs.securiteam.com: Very big spam list. Read more www.sophos.com: Trojan horse tempts users with raunchy pictures of pop group t.A.T.u. Read more www.secureworks.com: SpamThru Trojan Analysis. Read more www.avertlabs.com: MMORPG-Gold-Farming and Password-Stealers. Read more www.darkreading.com: Spammers Turn the Tables Again. Read more www.darkreading.com: Database Threat Intensifies. Read more www.securityfocus.com: Researcher attempts to shed light on security troll. Read more www.hackerfactor.com: Who is �n3td3v�? Read more www.technewsworld.com: The Changing Faces of Internet Security Threats, Part 2. Read more www.securityfocus.com: Opera browser patches buffer overflow. Read more www.smh.com.au: Lock the doors and Windows. Read more www.infoworld.com: Keeping up with advancing malware. Read more www.hackerfactor.com: Anti-Phishing: Page Encoding. Read more ip.securescience.net: Malware and the Myths of Key-Logging Prevention. Read more www.computerworld.com: Password: 0bs0l3t. Read more www.eweek.com: It's Vulnerability Storm Season. Read more   Vulnerabilities & Exploits securitytracker.com: Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories. Read more securitytracker.com: PHPlist Input Validation Flaw in 'index.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: BlackBerry Enterprise Server for Domino Lets Remote Authenticated Users Deny Service. Read more securitytracker.com: Serendipity Input Validation Flaws in Administration Interface Permit Cross-Site Scripting Attacks. Read more securitytracker.com: KnowledgeBank Input Validation Holes Permit Cross-Site Scripting Attacks. Read more securitytracker.com: UltraCMS Input Validation Flaw in Username and Password Fields Lets Remote Users Inject SQL Commands. Read more securitytracker.com: DigitalHive Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Symantec Mail Security for Domino Premium AntiSpam Lets Remote Users Relay Mail. Read more   News www.theregister.co.uk: McAfee hoping MS will live up to 'hollow' promises. Read more www.betanews.com: Sophos: Microsoft Doesn't Need to Open Up PatchGuard. Read more www.theregister.co.uk: Spamhaus-style service aims to curb click fraud. Read more

. 20 October 2006 Guides, Papers, etc theinvisiblethings.blogspot.com: Vista RC2 vs. pagefile attack (and some thoughts about Patch Guard). Read more blogs.securiteam.com: Tiny PE - Rel0ad3d. Read more blogs.securiteam.com: Code crunching, crazy asm tricks? - code crunchers mailing list. Read more blogs.securiteam.com: Spamhaus Update: Judge Denies e360�s Requested Relief. Read more blogs.securiteam.com: Utimaco replies to SafeGuard Easy encryption key vulnerability. Read more www.avertlabs.com: 0-days That Weren�t (Quick or Accurate, Take Your Pick). Read more isc.sans.org: New Internet Explorer and an old vulnerability (NEW). Read more www.f-secure.com: War-E-Zov. Read more blogs.securiteam.com: P2P-based Spam Trojan Installs Anti-Virus. Read more www.secureworks.com: SpamThru Trojan Analysis. Read more web.cecs.pdx.edu: Anomaly-based Botnet Server Detection. Read more web.cecs.pdx.edu: An Algorithm for Anomaly-based Botnet Detection. Read more www.nucleusresearch.com: BENCHMARKING: PASSWORDS � THE SAD TRUTH ABOUT SECURITY. Read more searchwindowssecurity.techtarget.com: Step-by-Step Guide: Finding and removing a rootkit. Read more www.darkreading.com: The Ten Most Dangerous Things Users Do Online. Read more www.csoonline.com.au: The dirt on Web bugs. Read more   Vulnerabilities & Exploits securitytracker.com: Kaspersky Anti-Virus Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Highwall Enterprise Input Validation Hole Permits Cross-Site Scripting Attacks and Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Linux Kernel 'uaccess' S/390 Code Discloses Kernel Memory to Local Users. Read more securitytracker.com: Asterisk Integer Overflow in Skinny Channel Driver Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: SHTTPD Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Simplog Input Validation Flaw in 'comments.php' Script 'cid' Parameter Lets Remote Users Inject SQL Commands. Read more   Tools: www.itweb.co.za: Kaspersky Anti-Virus 6.0 tested best anti-virus product of the year. Read more jon.oberheide.org: Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface. Read more jon.oberheide.org: winnie is a network scanner capable of detecting honeypot deployments using Honeyd <= 1.0. Read more   News www.theregister.co.uk: MS and researchers split hairs over first IE7 flaw. Read more www.informationweek.com: Gartner: Vista PatchGuard Changes Will Take Years. Read more www.cbc.ca: Digital 'ID cards' key to future internet privacy: Microsoft. Read more www.eweek.com: Microsoft Blocks Vista Rootkit Exploit. Read more news.com.com: Zombies try to blend in with the crowd. Read more www.theregister.co.uk: Organised crime fails to stop skiddies. Read more www.varbusiness.com: Microsoft's Live Meeting For Security Firms Crashes. Read more www.varbusiness.com: Microsoft: McAfee Security Claims 'Inaccurate, Inflammatory'. Read more www.vnunet.com: Internet viruses drop 47 per cent. Read more www.zdnet.com.au: National Australia Bank hit by DDoS attack. Read more www.esecurityplanet.com: Hacking for Profit. Read more searchsecurity.techtarget.com: Malware authors producing stealthier creations. Read more

. 19 October 2006 Guides, Papers, etc www.f-secure.com: The Warezov worm saga continues. Read more www.usenix.org: HotBots '07 Call for Papers. Read more www.apple.com: Small Number of Video iPods Shipped With Windows Virus. Read more isc.sans.or: Oracle Quarterly Critical Patch Update (Oct 2006). Read more honeyblog.org: A Multifaceted Approach to Understanding the Botnet Phenomenon. Read more www.eweek.com: Readers Respond: Peter Coffee's Dirty Dozen IT Embarrassments. Read more jonpoon.blogspot.com: Where's your class? Your integrity? Read more ip.securescience.net: Virtual KeyboardVirtual Keyboards.Malware and the Myths of Key-Logging Prevention. Read more blogs.msdn.com: IE7 for the World. Read more didierstevens.wordpress.com: USBVirusScan. Read more www.darkreading.com: CSRF Vulnerability: A 'Sleeping Giant'. Read more ddanchev.blogspot.com: A Cost-Benefit Analysis of Cyber Terrorism. Read more msdn.microsoft.com: 8 Simple Rules For Developing More Secure Code. Read more zdpub.vo.llnwd.net: Audio: Our View: ZERT Works. Listen www.darkreading.com: Tossing My Cookies. Read more   Vulnerabilities & Exploits labs.idefense.com: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability. Read more securitytracker.com: IBM Lotus Notes Lets Local Users Modify Critical Files. Read more securitytracker.com: KDE Konqueror Integer Overflow in Processing Pixmap Images May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: HP Tru64 UNIX Dtmail Buffer Overflow Lets Local Users Gain Root Privileges. Read more securitytracker.com: Solaris tcp_fuse_rcv_drain() Bug Lets Local Users Deny Service. Read more securitytracker.com: GOOP Gallery Input Validation Flaw in 'image' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Opera Large Link Address Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: XORP OSPF Link State Advertisement Validation Error Lets Remote Users Deny Service. Read more securitytracker.com: Adobe Flash Player Plugin Lets Remote Users Injection Arbitrary HTTP Header Data. Read more securitytracker.com: Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact. Read more   News www.securityfocus.com: Apple ships virus on some video iPods. Read more www.theregister.co.uk: Trojan download site spoofs IE7 release outlet. Read more www.theregister.co.uk: Web viruses drop off despite IE exploit flap. Read more www.itnews.com.au: Trojan variants hide behind rootkits. Read more sunbeltblog.blogspot.com: Seen in the wild: Affinity spam. Read more www.theglobeandmail.com: Great Firewall of China lowers its barrier. Read more www.chinadaily.com.cn: China to blacklist those making, distributing 'spyware'. Read more www.theregister.co.uk: Spamhaus fights US court 'pro-spammer' ruling. Read more today.reuters.com: Microsoft releases long-awaited Explorer 7. Read more www.microsoft-watch.com: One Step Forward and One Step Back. Read more www.it-observer.com: The threat posed by portable storage devices. Read more www.theregister.co.uk: Adware rumpus over Battlefield 2142. Read more www.computerworld.com.au: Security firms wait for Microsoft's PatchGuard response. Read more www.technewsworld.com: McAfee Fires Allegations at Microsoft Over Vista Security. Read more www.theregister.co.uk: Ballmer: Microsoft helped security partners on Windows Vista. Read more www.channelnewsasia.com: Email may not be as secure as you think. Read more money.cnn.com: Passwords jotted down by 1 in 3 workers. Read more www.smh.com.au: Online sleuth tracks MySpace pedophiles. Read more

. 18 October 2006 Guides, Papers, etc www.packetstormsecurity.org: Practical Onion Hacking: Finding the real address of Tor clients. Read more isc.sans.org: Hacking Tor, the anonymity onion routing network (NEW). Read more www.itnews.com.au: New hacker toolkit cloaks browser exploits. Read more www.microsoft.com: Internet Explorer 7 will be delivered through Automatic Updates - customers should complete preparations by November 1. Read more www.avertlabs.com: Zero-Day Vulnerability Follows October �06 Patch Tuesday. Read more security.ithub.com: 'Vitriol' Rootkit to Demo at MS BlueHat Hacker Summit. Read more www.f-secure.com: Fake TV Ads. Read more www.darkreading.com: Malware: The Undead. Read more ddanchev.blogspot.com: Observing and Analyzing Botnets. Read more www.darkreading.com: CSRF Vulnerability: A 'Sleeping Giant'. Read more www.technewsworld.com: No Immunity for Macs. Read more msmvps.com: Yes we have more spam today.... Read more   Vulnerabilities & Exploits blogs.securiteam.com: NVIDIA driver flaw allows remote compromise. Read more securitytracker.com: F5 FirePass 1000 Input Validation Flaw in 'my.acctab.php3' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Toshiba Bluetooth Stack Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: 4images Input Validation Flaw in 'search.php' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Comdev One Admin Include File Bug in 'oneadmin/adminfoot.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: NVIDIA Binary Graphics Driver for Linux Buffer Overflow Lets Local Users Gain Root Privileges. Read more securitytracker.com: Open Conference Systems Include File Bug in 'fullpath' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: phpCards Input Validation Hole Permits Cross-Site Scripting Attacks and Include File Bug Lets Remote Users Execute Local PHP Code. Read more securitytracker.com: IronWebMail IM_FILE Request Lets Remote Users Traverse the Directory. Read more securitytracker.com: Clam AntiVirus PE File Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kerio WinRoute Firewall Can Be Crashed With a Specially Crafted DNS Response. Read more   News today.reuters.com: Web could be terror training camp: Chertoff. Read more news.com.com: FBI director wants ISPs to track users. Read more www.securityfocus.com: NVidia bug puts Linux systems at risk. Read more www.theregister.co.uk: Nvidia rooted by Linux graphics bug. Read more news.com.com: Quality, quantity of phishing kits on the rise. Read more www.theregister.co.uk: Free virus with some iPods. Read more www.theregister.co.uk: Oracle's mega-patch shuts 101 doors. Read more www.gulfnews.com: Hackers link consulate website to porn pages. Read more www.theregister.co.uk: Microsoft promises to give away key virtualization spec. Read more www.internetnews.com: New Microsoft License Ties Vista To Hardware. Read more www.techweb.com: Microsoft Clarifies: Only Cheapest Vistas Can't Power VMs. Read more today.reuters.co.uk: China Internet rumour-mongers face fines - report. Read more today.reuters.co.uk: Some Internet addicts cover up habit -study. Read more www.zdnet.com.au: Telephone hack costs NSW firm AU$9,000. Read more news.com.com: Securing consumer-friendly smart phones. Read more

. 17 October 2006 Guides, Papers, etc www.securityfocus.com: ModSecurity 2.0 with Ivan Ristic. Read more blogs.securiteam.com: QoS and bot traffic. Read more blogs.securiteam.com: Code Crunching - Tiny PE (challenge). Read more isc.sans.org: Active exploit of Open Conference Systems web application (NEW). Read more www.eweek.com: Is the Botnet Battle Already Lost? Read more www.eweek.com: 'Money Mules': The Hidden Side of Phishing. Read more www.eweek.com: Microsoft Caves on Vista Security. Read more www.wired.com: Install Vista, Buy Graphics Card. Read more sunbeltblog.blogspot.com: Symantec VP Rowan Trollope on PatchGuard: It ain't over. Read more aolradio.podcast.aol.com: Audio: Security Now 61: ISP Privacy. What your ISP knows about you and how to protect your privacy... Listen podcast.dslextreme.com: Audio: TLR 7: Leo on CFRB with John Donabie. Google You Tube merger, Windows Vista license limitations, and Oprah's red Nano... Listen media.libsyn.com: Audio: Interview with Johnny Long. Listen   Vulnerabilities & Exploits securitytracker.com: phpMyConferences Include File Bug in 'lvc_include_dir' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Bugzilla Discloses Attachment Description and 'Deadline' Field to Remote Users. Read more securitytracker.com: Bugzilla Input Validation Holes Permit Cross-Site Scripting Attacks. Read more   Tools: www.freewarefiles.com: EasyBCD 1.5 adds experimental support for dual-booting any of these along with Linux, Mac OS X, or BSD � straight from the Windows Vista bootloader without any additional configuration needed! Read more news.softpedia.com: Stop Viruses for Free! Read more   News today.reuters.com: UPDATE 3-Microsoft gives Vista data to security firms. Read more msnbc.msn.com: China's Internet Mess. Read more www.vnunet.com: EEye to build world's largest honeypot. Read more news.zdnet.co.uk: Cut-price phishing toolkits pose growing threat. Read more blogs.pcworld.com: Worm Eats into McDonald's Promotion. Read more www.theregister.co.uk: 419 scammers launch shipping sites. Read more www.computerworld.com: Spamhaus appeals possible shutdown ruling. Read more www.darkreading.com: Cybercrime: Better Than Drugs. Read more www.securityfocus.com: Poulsen helps nab MySpace predator. Read more www.darkreading.com: Attacks on Consumers Intensify. Read more edition.cnn.com: Digital age may bring total recall in future. Read more

. 16 October 2006 Guides, Papers, etc www.benedelman.org: Current Ask Toolbar Practices. Read more www.eweek.com: Is the Botnet Battle Already Lost? Read more blogs.securiteam.com: DLP on the rise: McAfee buys Israeli startup Onigma for $15-25 million. Read more www.f-secure.com: McDonalds ships MP3 players with a trojan. Read more www.mcs.vuw.ac.nz: Effectiveness of security by admonition: a case study of security warnings in a web browser setting. Read more www.hpl.hp.com: An epidemiological model of virus spread and cleanup. Read more www.siliconvalley.com: Today's computer viruses have more staying power. Read more www.techworld.com: Stop VPNs turning into open doors. Read more www.zdnet.com.au: Seven steps to increase Linux security. Read more www.thetechtray.ne: How to hide files in JPEG's. Read more   Vulnerabilities & Exploits securitytracker.com: Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code. Read more   Tools: www.gnucitizen.org: AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. Read more   News www.techworld.com: Microsoft warns of PowerPoint attack. Read more www.activewin.com: Hackers will crack Windows security tech soon. Read more news.softpedia.com: Vista PatchGuard Hacked. Read more news.softpedia.com: Vista's Patch Guard is Killing Next Generation Behavior-Blocking Technologies and Future Security Models. Read more www.zdnet.com.au: Security firms skeptical about Vista shift. Read more www.gizmodo.com: McDonalds: "I'm Lovin' Malware". Read more www.wired.com: MySpace Predator Caught by Code. Read more computerworld.co.nz: Email servers will choke, says Spamhaus. Read more blogs.zdnet.com: Wireless security to becom a $4.4 bln industry by 2010. Read more www.computerworld.com: British ISP fires back at spammers. Read more www.passivemode.net: The BBC Honeypot. Read more www.terra.net.lb: Software piracy costing Africa billions. Read more

. 14 October 2006 Guides, Papers, etc blogs.securiteam.com: There is no month without MS Office 0-day. Read more blogs.securiteam.com: ISOI II - a DA Workshop (announcement and CFP). Read more www.f-secure.com: Video - Your Marriage is in Danger! Read more isc.sans.org: New UrSnif/Haxdoor Variant (NEW). Read more www.avertlabs.com: From the floor of VB 2006, pt 2. Read more www.websense.com: Phishing Alert: BB & T Branch Banking & Trust. Read more www.websense.com: Phishing Alert: Teachers Credit Union. Read more honeyblog.org: Honeypot Compromise. Read more www.daniweb.com: small scale Trojan attacks big concern. Read more www.viruslist.com: Mobile Malware Evolution: An Overview, Part 2. Read more news.com.com: The future of malware: Trojan horses. Read more www.atomicmpc.com.au: The Making of Malware. Read more www.securityfocus.com: Hacking Web 2.0 Applications with Firefox. Read more www.networkworld.com: Vista's DRM features could bedevil antivirus. Read more www.opticsexpress.org: A method for secure communications over a public fiber-optical network. Read more www-users.cs.umn.edu: Worms: Taxonomy and Detection. Read more www.windowsitpro.com: WinInfo Short Takes. Read more www.smh.com.au: How to escape from junk mail hell. Read more www.computerweekly.com: The hacker handbook: 11 tips in 11 minutes. Read more www.miguelcarrasco.net: Blue Screen of Death Top 10. Read more blog.wired.com: Why Internet Explorer 7 Will Break the Web. Read more www.podtrac.com: Audio: Windows Weekly with Paul Thurrott 2: The Windows Shiv. Listen podcast.dslextreme.co: Audio: TLR 7: Leo on CFRB with John Donabie. Listen   Vulnerabilities & Exploits securitytracker.com: Microsoft PowerPoint Unspecified Bug May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Journals System 'phpbb_root_path' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.pfsense.com: pfSense 1.0 Firewall Released.Read more   News www.securityfocus.com: Targeted Trojan attacks on the rise. Read more www.theregister.co.uk: MySpace phishing scam targets music fans. Read more chinadigitaltimes.net: Who are China's Top Internet Cops? Read more www.techweb.com: Microsoft Opening Up Vista Kernel To Security Vendors. Read more www.washingtonpost.com: Microsoft Now Decides to Accept Outside Security for Vista. Read more www.theregister.co.uk: MS to pull security teams under Windows umbrella. Read more www.betanews.com: Microsoft to Alter Vista for EU, Korea. Read more www.darkreading.com: Anti-Malware Tools Trip Up IE7 Install. Read more www.darkreading.com: AV Vendors Need Not Fear Microsoft. Read more www.theregister.co.uk: ICANN refuses to pull Spamhaus domain. Read more www.vnunet.com: Cyber-criminals clone Google Italy site. Read more computerworld.com: British ISP fires back at spammers. Read more news.zdnet.co.uk: Researchers claim stealth encryption breakthrough. Read more www.pcworld.com: Google's Blogger Suffers Outage. Read more www.networkworld.com: Super stealthy Internet messaging method revealed. Read more www.washingtonpost.com: Hackers Stepping Up Pace of Microsoft Exploits. Read more arstechnica.com: Firefox accepting feature suggestions for version 3. Read more www.technewsworld.com: The Changing Faces of Internet Security Threats. Read more www.darkreading.com: Power Pay. Read more www.betanews.com: Bush Signs into Law Online Gambling Transaction Ban. Read more

. 13 October 2006 Guides, Papers, etc www.finjan.com: Malicious Code on Storage and Caching Servers. Read more www.hypponen.com: Virus Bulletin 2006 keynote. Read more www.viruslist.com: Back from BlackHat Tokyo 2006. Read more www.sophos.com: Spam campaign attempts to phish MySpace music fans, warns Sophos. Read more www.avertlabs.com: Live from VB2006. Read more www.passivemode.net: Online Banking Transactions. Read more www.eweek.com: Common Sense on Vista Adoption. Read more www.darkreading.com: HP-McAfee: Dangerous Liaison? Read more sunbeltblog.blogspot.com: Ruminations on the antispyware business. Read more stampf.lutin.free.fr: Worms of the future. Trying to exorcise the worst. Read more   Vulnerabilities & Exploits securitytracker.com: Mcafee Network Agent Lets Remote Users Deny Service. Read more securitytracker.com: Cisco Wireless Location Appliance Default Password Lets Remote Users Gain Root Access. Read more securitytracker.com: XeoPort Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Netscape Portable Runtime API Environment Variable Lets Local Users Create Arbitrary Files. Read more securitytracker.com: communityPortals Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Softerra PHP Developer Library Include File Bug in 'grid3.lib.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: TagIt! Include File Flaw in 'delTagUser.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Claroline Include File Bug in 'inc/lib/import.lib.php' Lets Remote Users Execute Arbitrary Code. Read more   Tools: sourceforge.net: Taof - The art of fuzzing. Read more www.betanews.com: Virtual PC 2007 Beta Now Available. Read more www.simplehelp.net: 10 Windows Explorer alternatives compared and reviewed. Read more   News www.securityfocus.com: Spying on bot nets becoming harder. Read more www.securityfocus.com: One laptop per child seeks top hackers. Read more www.theregister.co.uk: Infection-by-cache risk unearthed. Read more www.techweb.com: Vista Licenses Limit OS Transfers, Ban VM Use. Read more www.darkreading.com: Google Searchers Find Malware. Read more news.com.com: Security expert: User education is pointless. Read more www.computerweekly.com: VoIP tightens security against fuzzing, zombies, malicious intruders. Read more software.silicon.com: Hackers 'will crack Windows security tech soon'. Read more www.theage.com.au: Hackers steal US$500,000 (euro399,010) out of U.S. Virgin Islands government bank accounts. Read more news.zdnet.co.uk: Microsoft: Patching problems are over. Read more www.computerworld.com: Brief: Congressional Budget Office mailing list hacked. Read more

. 12 October 2006 Guides, Papers, etc blogs.securiteam.com: ICANN Issues a Statement on the Spamhaus Case. Read more blogs.securiteam.com: New Haxdoor variant spreading - do we have protection? Read more www.f-secure.com: Update Considerations. Read more www.viruslist.com: Legal spyware. Read more blogs.msdn.com: IE7 Installation and Anti-Malware Applications. Read more www.avertlabs.com: Microsoft near to patching 100 critical vulnerabilities this year! Read more www.cio-today.com: The Best Spyware Stopper. Read more www.cio-today.com: Technology The Boss Uses To Spy on You. Read more www.viruslist.com: Mobile Malware Evolution: An Overview, Part 1. Read more www.viruslist.com: Mobile Malware Evolution: An Overview, Part 2. Read more honeyblog.org: Catching Malware Detecting, Tracking, and Mitigating Botnets. Read more blogs.msdn.com: IE7 Installation and Anti-Malware Applications. Read more www.scmagazine.com: Caching servers store malicious code. Read more www.computerworld.com: Fighting security threats from IM and rogue Web access. Read more   Vulnerabilities & Exploits secunia.com: Microsoft Windows Object Packager Dialog Spoofing. Read more securitytracker.com: HP Version Control Agent Lets Remote Authenticated Users Access the System With Elevated Privileges. Read more securitytracker.com: Eazy Cart Bugs Let Remote Users Gain Administrative Access, Modify Prices, and Conduct Cross-Site Scripting Attacks. Read more   News www.computerworld.com.au: Hackers commercialize toolkits for profit. Read more news.com.com: ICANN: Sorry, we can't delete Spamhaus.org's domain. Read more business.bostonherald.com: Group warns of more junk e-mail. Read more www.theregister.co.uk: It's the information, stupid. Read more today.reuters.com: Microsoft rolls out online safety initiative. Read more www.editorandpublisher.com: China Unblocks Wikipedia. Read more blogs.zdnet.com: A sneaky change in Windows licensing terms. Read more blogs.zdnet.com: Protect DVD-Video - A slap in the face for PC and Media Center owners. Read more www.osweekly.com: Evil Microsoft vs. Poor Security Firms. Read more

. 11 October 2006 Guides, Papers, etc blogs.securiteam.com: isc.sans.org: Chalk one up for Spamhaus. Read more isc.sans.org: Delays on Windows Update & the Death of SUS. Read more searchwindowssecurity.techtarget.com: Debunking the "Blue Pill" Vulnerability Theory. Read more www.avertlabs.com: Another backdoor with password stealer capabilities in the wild. Read more www.avertlabs.com: Microsoft near to patching a 100 critical vulnerabilities this year! Read more www.technewsworld.com: The False Promise of Browser Security. Read more www.cs.unc.edu: Early DoS and Worms. Read more www.kottke.org: Google code search. Read more didierstevens.wordpress.com: Update: Google and the Drive-by Download. Read more   Vulnerabilities & Exploits securitytracker.com: Macromedia ColdFusion 3rd Party Bug Lets Local Users Gain Local System Privileges. Read more securitytracker.com: Adobe Breeze Licensed Server URL Parsing Bug Lets Remote Users Traverse the Directory. Read more securitytracker.com: Adobe Contribute Publishing Server Discloses Administrative Password to Local Users. Read more securitytracker.com: Windows Object Packager RTF File Object Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Windows Server Service SMB Rename Null Pointer Dereference Lets Remote Users Deny Service. Read more securitytracker.com: Microsoft Office String, Chart Record, and SmartTag Validation Errors Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information. Read more securitytracker.com: Microsoft Word String and Mail Merge Record Validation Flaws Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Excel DATETIME/COLINFO Record Errors and Lotus 1-2-3 Errors Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft PowerPoint Errors in Parsing Object Pointers and Data Records Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: ASP.NET Input Validation Hole in AutoPostBack Feature Permits Cross-Site Scripting Attacks. Read more securitytracker.com: eXpBlog Input Validation Holes in 'kalender.php' and 'pre_details.php' Permit Cross-Site Scripting Attacks. Read more securitytracker.com: OpenDock Easy BLOG Include File Bug in 'doc_directory' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Docmint Include File Flaw in 'MY_ENV[BASE_ENGINE_LOC]' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: BorderManager IPSec/IKE Settings May Cause the Server to Crash. Read more securitytracker.com: AOL Buffer Overflows in You've Got Pictures ActiveX Controls Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: WebYep Include File Flaw in 'webyep_sIncludePath' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenDock Easy Doc 'doc_directory' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenDock Easy Gallery 'doc_directory' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Python repr() Processing of UTF-32/UCS-4 Strings May Let Remote Users Deny Service or Execute Arbitrary Code. Read more   Tools: cigars.bravepages.com: Terrorism Toolbar. Read more www.eggheadcafe.com: Convert HTML / script to Javascript Include Source. Read more   News www.securityfocus.com: Microsoft's big patch day fixes 26 flaws. Read more www.symantec.com: Trojan.Radropper Exploits WinRAR Vulnerability. Read more www.theregister.co.uk: Spamhaus fights US court domain threat. Read more www.theregister.co.uk: Swiss gov 'mulls' spyware to tap VoIP calls. Read more www.smh.com.au: Anti-spam group warns it may lose domain name, potentially unleashing more junk mail. Read more www.redorbit.com: Hackers Hit Atascadero's Web Site. Read more www.it-observer.com: Spam used to boost stock prices. Read more news.com.com: Flaw count hits a high. Read more news.bbc.co.uk: Trapping hackers in the honeypot. Read more computerworld.com: Microsoft: Vista antipiracy policy won't mean more spyware. Read more www.theherald.co.uk: Forget the nerd hacker, this is organised crime. Read more

. 10 October 2006 Guides, Papers, etc blog.spywareguide.com: IE Used to Launch Instant Messaging and Questionable Clicks. Read more www.eweek.com: Dive into the PhishTank. Read more www.kbcafe.com: Video: Spyware Rubbernecking. Watch sunbeltblog.blogspot.com: The Problem of Adware in Free Software Downloads. Read more news.zdnet.com: Why Microsoft is wrong on Vista security. Read more www.windowsnetworking.com: TCP/IP Troubleshooting: A Structured Approach - Part 1: An Introduction. Read more   Vulnerabilities & Exploits securitytracker.com: Cisco Secure Desktop May Let Local Users Access Data Via Windows Operating System Files. Read more securitytracker.com: PHP Live! Include File Bug in 'help.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Xdm May Let Local Users View the Error Log Files of a Target User. Read more securitytracker.com: Solaris Link Aggregation Access Restrictions Let Local Users Monitor Network Packets. Read more   News www.theregister.co.uk: Chinese crackers attack US.gov. Read more www.securityfocus.com: Online attackers hit Commerce Dept. Read more www.heise-security.co.uk: Superintendent Trojan. Read more www.pcauthority.com.au: Hacker cracks Google Blogger security. Read more www.vnunet.com: Security pros should target the enemy within. Read more www.vnunet.com: UK survey reveals widespread online fears. Read more www.darkreading.com: Monkeyspaw Grabs Phishers. Read more www.technewsworld.com: Microsoft's Refusal to Share Vista Kernel Still Drawing Fire. Read more www.newsfactor.com: Final Test Version of Windows Vista Released. Read more ww.internetnews.com: How Insecure Do You Think You Are? Read more

. 09 October 2006 Guides, Papers, etc www.benedelman.org: False and Deceptive Pay-Per-Click Ads. Read more www.benedelman.org: PPC Ads, Misleading and Worse. Read more www.f-secure.com: Denmark targeted. Read more blogs.securiteam.com: Mooooooooooore fun with Google Code Search [updated]. Read more blogs.securiteam.com: More fun with Google Code Search! [updated #5]. Read more monkey.org: insecurity stats via google codesearch. Read more asert.arbornetworks.com: Static Code Analysis Using Google Code Search. Read more isc.sans.org: Spam Backscatter (NEW). Read more blogs.securiteam.com: The Spamhaus case, a spam-savvy Illinois lawyer perspective. Read more blogs.securiteam.com: LiveView - Work with imaged drives on VMware. Read more blog.assarbad.net: So IE7 is coming. Who cares anyway? Read more weblog.infoworld.com: 5 spam blockers by the numbers. Read more security.ithub.com: OpenDNS Fills the PhishTank. Read more www.zdnet.co.uk: The internet has changed the dynamics of the game. Read more www.youtube.com: How to Hack a Windows XP Password Without any Programs. Watch news.bbc.co.uk: Tips to help you stay safe online. Read more   Vulnerabilities & Exploits securitytracker.com: FastFind Input Validation Hole in 'query' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: BSD UNIX systrace STRIOCREPLACE Integer Overflow Lets Local Users Obtain Elevated Privileges. Read more securitytracker.com: ackerTodo Missing Input Validation in 'gadget/login.php' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: TorrentFlux Missing Input Validation in HTTP User-Agent Permits Cross-Site Scripting Attacks. Read more   Tools: liveview.sourceforge.net: Live View is a tool that allows disk images or physical drives to be booted up in a virtual machine and examined in a forensically sound manner. Read more   News www.vnunet.com: Microsoft courts controversy by endorsing adware purveyor. Read more www.builderau.com.au: Google destroys Security Through Obscurity. Read more news.bbc.co.uk: Tracking down hi-tech crime. Read more www.ioltechnology.co.za: Chinese hackers hit US state computers. Read more www.activewin.com: MS Security patches for October. Read more news.com.com: D'oh! E-mails that embarrass. Read more www.itwire.com.au: Vista spyware may give filip to Linux and OS X. Read more www.theinquirer.net: Symantec's Thompson said Microsoft should compete, not control. Read more

. 07 October 2006 Guides, Papers, etc blogs.securiteam.com: More fun with Google Code Search! Read more www.gfi.com: Why one virus engine is not enough. Read more blogs.msdn.com: IE7 Is Coming This Month...Are you Ready? Read more www.computerworld.com: Your next wireless security problem. Read more www.informit.com: The Windows Vista Interface. Read more aolradio.podcast.aol.com: Audio: Security Now! 60: Q&A #11. Listen   Vulnerabilities & Exploits securitytracker.com: CA Business Protection Suite Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: BrightStor Enterprise Backup Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code. Read more   News blogs.securiteam.com: ICANN ordered by Illinois court to suspend spamhaus.org. Read more www.securityfocus.com: Google Code Search peers into programs' flaws. Read more www.infoworld.com: Hackers find use for Google Code Search. Read more today.reuters.com: Microsoft is not trying to block access says Kaspersky. Read more www.securityfocus.com: Microsoft to release 11 patches. Read more www.theregister.co.uk: Worm automates Google AdSense fraud. Read more www.securityfocus.com: Windows Vista Security debate rages on. Read more news.bbc.co.uk: Microsoft engaging with hackers. Read more

. 06 October 2006 Guides, Papers, etc www.f-secure.com: WOW. Read more www.f-secure.com: If you buy this lousy fake antispyware today within the next 15 minutes... Read more blogs.msdn.com: An Introduction to Kernel Patch Protection. Read more msdn.microsoft.com: Understanding and Working in Protected Mode Internet Explorer. Read more www.eweek.com: Security, Hypocrisy and the Kernel Patching Spat. Read more blogs.securiteam.com: Code auditing with Google. Read more sunbeltblog.blogspot.com: Is this freshly minted Microsoft MVP actually an adware pusher? Read more www.viruslist.com: More crime, fewer arrests? Read more blogs.msdn.com: USB Blocking in Release Candidate 1. Read more blogs.securiteam.com: Wikipedia Abused in a Nigerian Scam [updated]. Read more www.gfi.com: Pod Slurping � an easy technique for stealing data. Read more www.wired.com: Beguiling but Beware: Ajax, VOIP. Read more Audio: Security Now! 60: Q&A #11. Listen   Vulnerabilities & Exploits securitytracker.com: Symantec Mail Security NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges. Read more securitytracker.com: Norton System Works NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges. Read more securitytracker.com: Symantec Norton Anti-Virus Active X Control Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Symantec Norton Internet Security Active X Control Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more   News www.washingtonpost.com: Computer System Under Attack. Read more www.informationweek.com: Trend Micro: Thousands Of Government Computers Infected By Bots. Read more www.networkworld.com: Sex, gambling and computer game sites being abused by Department of Interior. Read more www.pcw.co.uk: FTP worm tops threat list for September. Read more www.vnunet.com: Microsoft readies October security patches. Read more www.itbusiness.ca: Vista: Locked down. Read more www.vnunet.com: Browser history hack compromises user privacy. Read more www.net-security.org: Russian internet blackmailers jailed for extorting gambling websites. Read more www.net-security.org: 67 new variants of the Spamta worm appear in just 7 days, reports Panda Software. Read more www.informationweek.com: Hacker Kit Use Surges, Means More Malicious Sites. Read more www.infoworld.com: The sad state of computer security. Read more www.itbsecurity.com: GFI Warns One Anti-virus Engine Is Not Enough To Protect Your Business. Read more www.itwire.com.au: Social networking sites an open door to hackers. Read more mathaba.net: Skype Careless on Security, Privacy Issues. Read more news.zdnet.co.uk: William Hill ups its game against hackers. Read more

. 05 October 2006 Guides, Papers, etc isc.sans.org: Old Webmin bug still be exploited (NEW). Read more isc.sans.org: Sniffers in Perl?!? (NEW). Read more www.darkreading.com: The Perils of Third-Party Patches. Read more www.darkreading.com: Security's Rotten Apples. Read more www.darkreading.com: Instant Message, Instant Infection. Read more ipcommunications.tmcnet.com: How do you secure an insecure OS? Read more www.ists.dartmouth.edu: A THEORETICAL SUPERWORM. Read more portal.spidynamics.com: How Prevalent Are SQL Injection Vulnerabilities? Read more haskell.org: Roll your own IRC bot. Read more media.libsyn.com: Audio: CyberSpeak October 1, 2006. Listen   Vulnerabilities & Exploits securitytracker.com: Taskjitsu Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more securitytracker.com: PHP Race Condition Lets Users Bypass open_basedir Restrictions. Read more securitytracker.com: Cerberus Helpdesk 'ticket_id' Parameter Reuse Lets Remote Users Obtain Potentially Sensitive Information. Read more   Tools: www.theregister.co.uk: VMware does 64-bits in full. Read more   News www.securityfocus.com: Windows Vista piracy cripples OS. Read more www.securityfocus.com: HP's Dunn faces criminal charges. Read more www.informationweek.com: Hacker Kit Use Surges, Means More Malicious Sites. Read more online.wsj.com: Those IMs Aren't as Private as You Think. Read more www.itnews.com.au: McAfee buys Citadel Security. Read more today.reuters.com: Google launches search service for computer code. Read more www.terra.net.lb: Google to launch "Literacy Project" in Germany this month. Read more www.betanews.com: Google Premieres Free Web Gadgets. Read more www.techweb.com: Risky Online Behavior Is Back Door To Cybercrime: Study. Read more www.theregister.co.uk: Social networkers risk losing their identities. Read more www.theregister.co.uk: Admin password security 'abysmal'. Read more www.theregister.co.uk: Russian bookmaker hackers jailed for eight years. Read more www.internetnews.com: Yahoo Gets Hacked And Likes It. Read more www.phishtank.com: Join the fight against phishing. Read more msinfluentials.com: Security Vendors: Microsoft is making Vista Too Secure. Read more news.com.com: DVD Jon strikes again, this time for profit. Read more

. 04 October 2006 Guides, Papers, etc blog.spywareguide.com: IE Used to Launch Instant Messaging and Questionable Clicks. Read more sunbeltblog.blogspot.com: New rogue on the loose: PestCapture. Read more   Vulnerabilities & Exploits securitytracker.com: Unicenter Web Services Distributed Management Discloses Files to Remote Users. Read more securitytracker.com: Novell GroupWise Messenger Agents Blowfish Error Lets Remote Users Deny Service. Read more securitytracker.com: McAfee ePolicy Orchestrator Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: McAfee ProtectionPilot Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Solaris IPv6 Fragment Reassembly Bug Lets Remote Users Cause a Kernel Panic. Read more www.skype.com: SKYPE-SB/2006-002: Improper handling of URI arguments. Read more   News www.securityfocus.com: Mozilla flaws more joke than jeopardy. Read more news.com.com: Hacker backpedals on Firefox zero-day. Read more www.theregister.co.uk: Unofficial patches defend against further IE flaw. Read more www.theregister.co.uk: Stealth techniques push malware under the radar. Read more internetweek.cmp.com: Beware Malicious Sites As Hacker Kit Use Explodes. Read more en.rian.ru: Russian hackers given stiff prison sentences. Read more www.windowsitpro.com: Microsoft Appeals EU Fine. Read more news.zdnet.co.uk: Spammers face jail. Read more www.theregister.co.uk: Flight disaster phishing scam lands in Brazil. Read more www.pcworld.com: Hackers Crash the Social Networking Party. Read more www.technewsworld.com: Report: Cell Phone Worms, VoIP Fraud to Grow in '07. Read more www.microsoft-watch.com: The Lion and the Mice. Read more

. 03 October 2006 Guides, Papers, etc www.mcafee.com: Microsoft Increasing Security Risk with Vista. Read more isc.sans.org: Detecting attacks against servers (NEW). Read more knowledge.wharton.upenn.edu: Clickprints on the Web: Are there signatures in Web browsing data? Read more www.enterprisenetworksandservers.com: The Rise of Rootkit-Based Malware: Why anti-spyware and anti-virus software is no longer enough. Read more www.eweek.com: The Limits of Scanning. Read more www.av-test.org: 2006-10-01 Cross Reference List of Virus Names. Download www.youtube.com: Video: Spyware Rubbernecking. Watch www.computerworld.com: 10 tips to secure client VPNs. Read more   Vulnerabilities & Exploits securitytracker.com: Sunbelt Kerio Personal Firewall Input Validation Flaws in Hooked System Calls Let Local Users Deny Service. Read more securitytracker.com: Skype Unspecified Format String Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: IBM AIX acctctl Command Lets Local Users Gain Root Privileges. Read more securitytracker.com: Trend Micro OfficeScan Corporate Edition Format String Flaw in 'ATXCONSOLE.OCX' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Firefox Unspecified Stack Overflow in Processing JavaScript Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Cyrus SASL DIGEST-MD5 Negotiation Flaw Lets Remote Users Deny Service. Read more securitytracker.com: Apple LoginWindow Lets Local Users Access Another User's Kerberos Tickets or Bypass Access Controls. Read more securitytracker.com: Mac OS X Workgroup Manager May Display the Incorrect Password Authentication Method. Read more securitytracker.com: Mac OS X WebCore WebKit Memory Management Error Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.betanews.com: VMware Releases New Converter Tool. Read more   News www.securityfocus.com: Attacks prompt third parties to fix flaw. Read more news.com.com: McAfee knocks Microsoft over Vista roadblocks. Read more www.theregister.co.uk: Virus-infected email hits rock bottom. Read more www.zdnet.com.au: VoIP, mobile security top SANS 2007 'hit list'. Read more www.theregister.co.uk: US government steps back from internet control. Read more www.theregister.co.uk: Vista hit by EC fears and McAfee ire. Read more www.theregister.co.uk: PGP puts finger in network storage dyke. Read more news.com.com: Report shows HP sought expert to help find leak. Read more software.silicon.com: "Impossible to patch": Hackers unearth Firefox hole. Read more news.com.com: In Washington, a Net protector or predator? Read more searchsecurity.techtarget.com: Symantec Dark Vision app monitors underground IRC servers. Read more www.windowsitpro.com: Exclusive: Here Comes Windows Vista RC2. Read more

. 02 October 2006 Guides, Papers, etc blogs.securiteam.com: 0day vulnerabilities in Firefox, with source. Read more isc.sans.org: Yellow: WebViewFolderIcon setslice exploit spreading (NEW). Read more blogs.technet.com: The Case of the Notepad that Wouldn't Run. Read more www.spidynamics.com: Stealing Search Engine Queries with JavaScript. Read more www.microsoft.com: Podcasts: How Microsoft IT Defends Against Spam, Viruses, and E-Mail Attacks. Listen www.vitalsecurity.org: Stupidest. Botnet. Ever. Read more blog.spywareguide.com: Pipeline Worm Floods AIM with Botnet Drones. Read more podcast.dslextreme.com: Audio: KFI Tech Guy 288. Security flaws galore, in Firefox, in Windows, and on the Mac... Listen   Vulnerabilities & Exploits securitytracker.com: Apple QuickDraw Manager PICT Image Processing Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X Preferences May Let Users Retain Administrative Privileges. Read more securitytracker.com: Mac OS X Mach Kernel Exception Error Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Apple ImageIO Buffer Overflow in Processing JPEG2000 Images Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apple CFNetwork Error May Cause Incorrect SSL Authentication Status to Be Displayed. Read more securitytracker.com: OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code. Read more securitytracker.com: HP Ignite-UX Server Bug Lets Remote Users Obtain Root Access. Read more securitytracker.com: Microsoft Windows Shell Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution. Read more securitytracker.com: OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames. Read more   News news.zdnet.co.uk: Hackers: Firefox has JavaScript flaw. Read more weblog.infoworld.com: MS: Patching obsolete OSes gives 'false sense of security'. Read more blogs.pcworld.com: Another third-party Windows fix released. Read more www.eweek.com: Inside the Third-Party Patching Conundrum. Read more news.com.com: Cybercrooks add Windows flaw to arsenal. Read more www.myantispyware.com: MSN Worm Used to install Backdoor. Read more www.zone-h.org: New defacements' messages threatening the Pope. Read more news.com.com: Iranian video game targets U.S. tanker. Read more edition.cnn.com: The growing world of Google Earth. Read more

Copyright� MegaSecurity.org