Home    News Archive    Translate Traducen

News November 2006

30 November 2006 Guides, Papers, etc isc.sans.org: New and Improved Honeynet Tools availability. Read more www.cylab.cmu.edu: Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Read more www.sans.org: Mac OS X 10.4 Security Checklist. Read more www.avertlabs.com: On defensive technologies turning offensive and vice-versa..Read more www.newscientisttech.com: Hard-working chips may reveal encryption keys. Read more   Vulnerabilities & Exploits securitytracker.com: Horde Kronolith 'lib/FBView.php' Local Include File Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: NetWare Client Print Provider Buffer Overflows in EnumPrinters() and OpenPrinter() Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X shared_region_make_private_np() Memory Error Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Apple Mac OS X ppp Buffer Overflow Lets Remote Users on the Local Network Execute Arbitrary Code. Read more securitytracker.com: Mac OS X Components Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X ftpd Discloses Valid User Account Names to Remote Users. Read more securitytracker.com: Apple CFNetwork Lets Remote Users Inject FTP Commands. Read more securitytracker.com: Mac OS X Apple Type Services Lets Local Users Gain System Privileges and Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X Security Framework May Use Weaker or No Encryption, Fail to Check CRLs, and Let Remote Users Deny Service. Read more securitytracker.com: Adobe Acrobat Buffer Overflow in 'AcroPDF.dll' ActiveX May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Symantec NetBackup PureDisk PHP Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitycadets.com: Guess who goofed up their new fake BrainCodec-homesite. Read more   News software.silicon.com: Alert over Spybot worm. Read more www.itweek.co.uk: Security experts warn of Vista-specific malware. Read more www.computerworld.com: Patient data exposed in two separate security breaches. Read more www.it-observer.com: 2007 to bring video viruses and mobile attacks. Read more www.internetnews.com: Microsoft Revises Controversial WGA. Read more arstechnica.com: Cheap PCs could herald a spam epidemic. Read more

. 29 November 2006 Guides, Papers, etc isc.sans.org: Phishing by proxy (NEW). Read more www.avertlabs.com: BuddyProfile used to spread exploits. Read more www.darkreading.com: Where the Bugs Are. Read more www.linklogger.com: Outlook Filters are your Friend. Read more www.dailycupoftech.com: Recovering Your Lost Passwords. Read more www.securityabsurdity.com: Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security. Read more   Vulnerabilities & Exploits www.frsirt.com: Adobe Reader and Acrobat ActiveX Control Remote Code Execution Vulnerabilities. Read more isc.sans.org: New Vulnerability Announcement and patches from Apple (NEW). Read more securitytracker.com: NetBSD Kernel Bugs Let Local Users Consume Sockets or Cause a Kernel Panic. Read more securitytracker.com: NetBSD ptrace() and if_clone_list() Bugs Disclose Kernel Memory to Local Users. Read more securitytracker.com: GnuPG Interactive Mode Buffer Overflow in make_printable_string() May Let Users Execute Arbitrary Code. Read more   Tools: www.networkworld.com: Need a valid e-mail address to register but don't want the spam? Try this Seam-based Web app. Read more ophcrack.sourceforge.net: Ophcrack is a Windows password cracker based on rainbow tables. Read more didierstevens.wordpress.com: USBVirusScan. Read more   News www.securityfocus.com: Bot spreads through antivirus, Windows flaws. Read more asert.arbornetworks.com: That New Bot: IRC Bot attacking Symantec Overflow. Read more news.zdnet.com: Microsoft set to push out updated antipiracy tool. Read more news.zdnet.co.uk: Criminal gangs causing UK spam surge. Read more www.securityfocus.com: Obsessed fan hacks Linkin Park singer. Read more www.securityfocus.com: A Hard Lesson in Privacy. Read more www.theregister.co.uk: Fake boarding pass brouhaha settled amicably. Read more www.stuff.co.nz: Broadband PCs attacked over 100 times a day. Read more www.techworld.com: New version of Skype now harder to detect. Read more resources.zdnet.co.uk: Don't fall prey to these methods of VoIP abuse. Read more www.theregister.co.uk: Web browsing behind closed doors. Read more www.pcw.co.uk: Most surfers still ignoring IT security. Read more news.com.com: Apple Mac OS X patch plugs 31 vulnerabilities. Read more www.darkreading.com: Spam Victims Get the Picture. Read more news.com.com: Google flaw adds phishing hole to Web sites. Read more arstechnica.com: New Opera makes music on cell phones. Read more

. 28 November 2006 Guides, Papers, etc blogs.technet.com: The Case of the Delayed Windows Vista File Open Dialogs. Read more sunbeltblog.blogspot.com: Silver, Gold... but you're not getting platinum, scumbags. Read more indystar.gns.gannett.com: Securing your PC takes work. Read more   Vulnerabilities & Exploits securitytracker.com: JBoss Application Server Error in DeploymentFileRepository Class Lets Remote Users Read and Write Files. Read more securitytracker.com: Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: MailEnable Grants Administrative Access to .NET WebAdmin Service to Remote Users. Read more securitytracker.com: GNotebook Discloses Passwords to Local Users. Read more securitytracker.com: GNU RADIUS 'sqllog' Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: WinGate DNS Request Processing Bug Lets Remote Users Deny Service. Read more   News www.theregister.co.uk: Brussels declares war on spyware and spam. Read more www.securityfocus.com: Vista protects MS Office from attack. Read more www.securityfocus.com: Report: Mining of bank data broke European law. Read more www.crn.com: Chip Can Stop PC Viruses, But Cost A Hurdle. Read more www.itpro.co.uk: University of Toronto launches web censorship workaround tool. Read more news.com.com: For iTunes hacker, the freedom of the open code. Read more news.zdnet.co.uk: Google flaw provides phishing hook. Read more news.sympatico.msn.ctv.ca: Up to 80 per cent of emails are spam: EU study. Read more www.technewsworld.com: Spam Volumes Continue to Soar. Read more www.economist.com: Think before you sync. Read more www.thestar.com: Project aims to block child porn sites. Read more

. 27 November 2006 Guides, Papers, etc blogs.securiteam.com: Defeating Image-Based Virtual Keyboards and Phishing Banks. Read more www.f-secure.com: Zero day Warezov. Read more www.viruslist.com: Saturday morning specials. Read more isc.sans.org: Mailbag and DShield items generate a post VNC exploitation fun question (NEW). Read more neosmart.net: Firefox 2.0 Recap. Read more sfgate.com: How sensor-ship could help security. Read more www.networkworld.com: Face-off: Mobile VPN is a better choice than an SSL VPN - Network Worl. Read more   Vulnerabilities & Exploits securitytracker.com: mmgallery Input Validation Hole in 'thumbs.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: PHP-Nuke Input Validation Flaw in News Module in 'sid' Parameter Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Fixit iDMS Pro Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: JiRo's Link Manager Missing Input Validation Permits SQL Injection and Cross-Site Scripting Attacks. Read more   News www.nytimes.com: Web Tool Said to Offer Way Past the Government Censor. Read more www.digitimes.com: China market: 3Q shipments of anti-virus software valued at 285 million yuan. Read more msmobiles.com: Followup: security company uses fabricated research to sell security software. Read more www.itrportal.com: Weekly report on viruses and intruders. Read more fraudwar.blogspot.com: How to Protect Yourself from the Cyber Criminals on Cyber Monday. Read more www.techworld.com: Devastating mobile attack under spotlight. Read more opinion.zdnet.co.uk: Vista will force need for network forensics. Read more www.washingtonpost.com: Feds: Linkin Park Fan Hacks Phone Data. Read more www.hamiltonspectator.com: Battle against child cyberporn. Read more www.newindpress.com: Cyber crime against women on a rise. Read more www.youtube.com: Hidden Music Track In Windows XP. Watch

. 25 November 2006 Guides, Papers, etc isc.sans.org: Interesting Potential Attack Vector (NEW). Read more taosecurity.blogspot.com: Digital Security Lessons from Ice Hockey. Read more www.podtrac.com: Audio: Windows Weekly 6: ReadyBoost, RibbonX, and PowerShell, Oh My! Listen   Vulnerabilities & Exploits securitytracker.com: Crystal Reports Report File Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: a ConMan Include File Bug in 'common.inc.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: EC-CUBE Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: MailEnable Buffer Overflow in IMAP Service May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Netgear WG311v1 Wireless Adapter SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more   News www.securityfocus.com: IAdware Trojan aims for Macs. Read more shns.abc15.com: Computer firm lures hackers in to snare them. Read more www.cdrinfo.com: Chip to Block Computer Viruses. Read more www.redding.com: Paying for separate anti-virus software is not always sensible. Read more www.vnunet.com: Phishing site offers 'job' at children's charity. Read more theseoultimes.com: Internet Fraud, Greedy Easy Targets? Read more www.thisisyork.co.uk: Children�s database �secure� from hackers. Read more news.zdnet.co.uk: Google: mobile operators want to block our apps. Read more arstechnica.com: Microsoft: virtualization not mature enough for home Vista users. Read more staysafeonline.org: 83 Percent of Adults Who Social Network Expose Themselves To Hackers and Identity Thieves. Read more www.computerworld.com: Antivirus software now a subscription situation. Read more technology.guardian.co.uk: The price of humans who'll spam blogs is falling to zero. Read more today.reuters.com: Microsoft brings 129 lawsuits against phishers. Read more www.terra.net.lb: Italian prosecutors investigate Google over bully video. Read more www.smh.com.au: Stranger danger program launched. Read more

. 24 November 2006 Guides, Papers, etc blogs.securiteam.com: Anonymizing RFI Attacks Through Google. Read more www.f-secure.com: iAdware. Read more www.virtualforge.de: Web Application Vulnerability Scanners - a Benchmark. Read more engtech.wordpress.com: The Great Firewall of Canada. Read more www.vitalsecurity.org: Beware of DoiiarRevenue.com: Mimicking an Adware vendor for fun and profit. Read more passivemode.net: Fiber-Optic Network Security. Read more www.betanews.com: Seagate: The Hard Drive, Reconsidered. Read more digitaldebateblogs.typepad.com: Bruce Schneier, BT Counterpane. Read more stufffromkevin.blogspot.com: Hacking Internet Cameras. Watch www.howtoforge.com: Wardriving Using An Ubuntu Notebook With Garmin Etrex, Kismet, And GPSDrive. Read more   Vulnerabilities & Exploits vuln.sg: About Acer Notebook LunchApp.APlunch ActiveX Control....Read more securitytracker.com: Net-SNMP Lets Remote Users Deny Service. Readn more securitytracker.com: SSO Plus Insecure Default Permissions Let Local Users Obtain Elevated Privileges. Read more www.infoworld.com: Update your wireless driver. Read more   News www.securityfocus.com: Copyright Office publishes digital exemptions. Read more www.vnunet.com: 'Evil twin' Wi-Fi hacks target the rich. Read more www.strategypage.com: The Russian Cyber War Army Attacks. Read more www.2-spyware.com: Firefox vulnerability can be used to steal confidential information. Read more

. 23 November 2006 Guides, Papers, etc www.symantec.com: Assessment of Windows Vista Kernel-Mode Security. Read more www.winsupersite.com: Hacking Windows Vista. Read more www.f-secure.com: Warezov List. Read more www.eweek.com: Be Thankful: You Can Be Safe. Read more isc.sans.org: If IE Suddenly Says "Se Habla Espanol" ... (NEW). Read more www.site-reference.com: Malicious Code Injection: It's Not Just for SQL Anymore. Read more www.niallkennedy.com: The Spam Farms of the Social Web. Read more www.sixwise.com: 11 Tips for Preventing Credit Card Fraud This Season. Read more   Vulnerabilities & Exploits securitytracker.com: Mozilla Firefox Password Manager Can Disclose Passwords and Other Form Values to Remote Websites. Read more securitytracker.com: VMware VirtualCenter Client Does Not Validate Server Certificates. Read more securitytracker.com: osCommerce Input Validation Holes in Admin Scripts Permit Cross-Site Scripting Attacks. Read more securitytracker.com: BrightStor ARCserve Tape Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more   News news.com.com: Notebook theft leaks London police payroll data. Read more www.securityfocus.com: Viruses go virtual. Read more www.securityfocus.com: Researcher announces Oracle bug week. Read more www.theregister.co.uk: Computer Misuse Act could ban security tools. Read more www.itwire.com.au: Firefox flaw enables hackers to steal passwords. Read more www.sophos.com: Over half of Chinese malware aims to steal passwords, reports Sophos. Read more www.theregister.co.uk: Vista's EULA product activation worries. Read more www.theregister.co.uk: Chinese web pornographer jailed for life. Read more www.pcmag.com: Microsoft Brings 129 Lawsuits Against Phishers. Read more www.theregister.co.uk: Spyware firms pay token fines to FTC. Read more www.technewsworld.com: Hackers Use New Tricks to Evade Detection. Read more www.zdnet.com.au: Antivirus firms target 'unique' malware. Read more www.terra.net.lb: As online shopping grows, so do dangers. Read more www.nbc-2.com: Identities bought and sold in online underground. Read more

. 22 November 2006 Guides, Papers, etc blogs.securiteam.com: P2P as a new spam medium, moving from PoC to full operations. Read more www2.csoonline.com: Malicious Code Packing Ups Security Arms Race Ante. Read more news.zdnet.co.uk: Bill Gates talks Vista and Linux. Read more www.darkreading.com: Video: The New Attack Frontier. Read more www.f-secure.com: When will you stop! Read more www.2-spyware.com: Dullards at Titan Shield. Or why only idiots make corrupt anti-spyware. Read more reviews.zdnet.co.uk: Why 802.11n is a hard act to swallow. Read more www.databasesecurity.com: Which database is more secure? Oracle vs. Microsoft. Read more www.theregister.co.uk: PGP creator: Net is like 'downtown Bagdad'. Read more eprint.iacr.org: On the Power of Simple Branch Prediction Analysis. Read more   Vulnerabilities & Exploits www.securityfocus.com: Disk image flaw found on Mac OS X. Read more www.info-svc.com: CIS Finds Flaws in Firefox v2 Password Manager. Read more bugzilla.mozilla.org: Cross-Site Forms + Password Manager = Security Failure. Read more securitytracker.com: My Firewall Plus Lets Local Users Gain System Privileges. Read more securitytracker.com: aBitWhizzy 'f' Parameter Include File Bug Lets Remote Users Execute Local Files. Read more securitytracker.com: contentNow Input Validation Flaw in 'page' Parameter Lets Remote Users Inject SQL Commands. Read more securitytracker.com: phpJobScheduler Include File Error in 'installed_config_file' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Novell Client Buffer Overflow in NWSPOOL.DLL Has Unspecified Impact. Read more securitytracker.com: Turbo Searcher Buffer Overflow in 'arj.dll' Component Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X DMG Image Validation Error May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Classified System Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Command Injection. Read more securitytracker.com: BirdBlog Missing Input Validation in 'comment.php', 'index.php', and 'user.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Avahi Lets Remote Users Manipulate the Service By Spoofing Netlink Messages. Read more securitytracker.com: PHPQuickGallery Include File Flaw in 'textFile' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: ASP Nuke Input Validation Flaw in 'register.asp' Lets Remote Users Inject SQL Commands. Read more   Tools: www.it-observer.com: Spam free inbox with SPAMfighter. Read more webmessenger.msn.com: MSN Web Messenger lets you talk online and in real-time with friends and family using just a web browser! Read more   News www.theregister.co.uk: Record labels lose against Chinese search engine. Read more www.itnews.com.au: Image-based spam defeating filters. Read more www.theregister.co.uk: VXers suffering from 'writer's block'. Read more www.infoworld.com: Annual charges now the rule with AV software. Read more www.news-journalonline.com: Ponce Inlet man charged in Internet fraud scam. Read more www.techworld.com: McAfee faces phoney phishing claims. Read more

. 21 November 2006 Guides, Papers, etc www.viruslist.com: Malware Evolution: July - September 2006. Read more www.niscc.gov.uk: Targeted Trojan Email Attacks. Read more www.youtube.com: Video about the "Grey Goo" Attack on Second Life. Watch isc.sans.org: MS06-070 Remote Exploit. Read more www.onrec.com: Non-OS dependant malware. Read more www.cylab.cmu.edu: Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Read more www.youtube.com: Video: Detencion hackers chilenos. Watch www.eweek.com: Guess Whois Going to Lose the Privacy Debate. Read more www.itsecurity.com: Hacking Email: 99 Email Security and Productivity Tips. Read more www.itp.net: Who�s killed the virus? Read more www.securitypark.co.uk: Is the hacking community running out of fresh ideas? Read more www.podtrac.com: Audio: Security Now 66: Vista Security. Listen   Vulnerabilities & Exploits securitytracker.com: Netgear MA521 Wireless Adapter Invalid 'Supported Rates' Value Lets Remote Users Execute Arbitrary Code Read more securitytracker.com: OpenBSD 'ld.so(1)' May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: StoryStream Include File Bug in 'baseDir' Parameter Lets Remote Users Execute Arbitrary Code. Read more   News www.securityfocus.com: Report: Concerns focus on flaws, not viruses. Read more www.securityfocus.com: Virtual virus hits Second Life. Read more www.theregister.co.uk: Worm creates havoc on Second Life. Read more www.virusbtn.com: Trojan planted on Chinese banking site. Read more www.theregister.co.uk: Bank-card PINs 'wide open' to insider attack. Read more www.computerweekly.com: Foreign intelligence agents hacking UK businesses, government warns. Read more www.guardian.co.uk: Illegal investigators, a detective agency, and a leading law firm. Read more www.darkreading.com: Hackers Train Sights on Vista, Forefront. Read more

. 20 November 2006 Guides, Papers, etc www.benedelman.org: Bad Practices Continue at Zango, Notwithstanding Proposed FTC Settlement and Zango's Claims. Read more isc.sans.org: Taking a Look at the FreeVideo Player Trojan (NEW). Read more isc.sans.org: Virtual Machine Detection in Malware via Commercial Tools. Read more blogs.securiteam.com: 419 French (Polite) Spam. Read more blogs.securiteam.com: Revenge of the Captcha! (Reverse Captcha, Ransom Notes and Image Spam). Read more www.redorbit.com: Ethics in Info Security. Read more video.google.com: Video: How To Break Web Software - A look at security vulnerabilities in web software. Watch www.informationweek.com: Rootkits, Polymorphics Turn Threats Tougher In 2006. Read more www.avertlabs.com: Hmm� Another Patch Tuesday Vulnerability Release. Read more bc.tech.coop: Black Hat and White Hat Hacking with Lisp. Read more blog.assarbad.net: Marketing for security companies now via Secunia! Read more www.jgc.org: The Spammers' Compendium. Read more handlers.sans.org: On the Cutting Edge: Thwarting Virtual Machine Detection. Read more www.computerworld.com: Windows Vista A to Z. Read more   Vulnerabilities & Exploits securitytracker.com: Travelsized CMS Input Validation Flaws in 'page', 'page_id', and 'language' Parameters Permit Cross-Site Scripting Attacks. Read more securitytracker.com: BLOG:CMS Input Validation Hole in 'list.php' Permits Cross-Site Scripting Attacks. Read more   News today.reuters.co.uk: Nigerian scams cost Britons millions. Read more www.macworld.co.uk: PayPal phishers abuse Malaysian machine. Read more news.zdnet.co.uk: Cybercrime laws 'will harm security research'. Read more www.iht.com: Police detain another blogger despite international criticism. Read more www.stepto.com: Scaring the crap out of people is not the...Read more lauren.vortex.com: New Google Service Will Manipulate Caller-ID. Read more www.khnl.com: Zabasearch: An Invasion of Privacy? Read more www.theage.com.au: Researchers discover security flaw in microchips. Read more www.mb.com.ph: 10 Tips for Safe Holiday Shopping Online. Read more

. 18 November 2006 Guides, Papers, etc www.ngssoftware.com: Implementing and Detecting a PCI Rootkit. Read more privacyrights.org: A Chronology of Data Breaches. Read more www.avertlabs.com: Stock spammers, methodical yet mysterious. Read more www.darkreading.com: Wave of WiFi Bugs Won't Bite. Read more www.infoworld.com: MySpace password exploit: Crunching the numbers (and letters). Read more uscpublicdiplomacy.com: Audio: Fulbright Chair Speaker Series: John Perry Barlow and John Gilmore. Read more www.arx.com: The unbearable lightness of PIN cracking. Read more   Vulnerabilities & Exploits securitytracker.com: WORK system e-commerce Include File Bug in 'g_include' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: CA Host-Based Intrusion Prevention System Lets Local Users Gain Kernel Privileges. Read more securitytracker.com: Comdev One Admin Include File Bug in 'path[skin]' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: eggblog Input Validation Holes in 'edit' and 'add' Parameters Permit Cross-Site Scripting Attacks. Read more securitytracker.com: NetGear WG111v2 Wireless Driver Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: libpng Read Error in png_set_sPLT() Lets Remote Users Deny Service. Read more securitytracker.com: Inktomi Search Discloses System Information to Remote Users. Read more securitytracker.com: Apple Remote Desktop Insecure File Permissions Let Local Users Gain Root Privileges. Read more   Tools: honeyblog.org: Nepenthes 0.2. Read more   News www.iht.com: Chinese Net users say China likely banned Wikipedia again. Read more www.securityfocus.com: PCI cards the next haven for rootkits? Read more www.guardian.co.uk: Cracked it! Read more news.bbc.co.uk: Web-rage' man gets prison term. Read more www.internetnews.com: Our Phishing Filter is Better Than Yours! Read more www.sophos.com: Spanish webcam spies apprehended by authorities, reports Sophos. Read more english.peopledaily.com.cn: Hackers plant virus on Website of China's largest bankcard operator. Read more www.realtechnews.com: Botnets Responsible for Penny Stock Spams and Penis Pills. Read more www.wired.com: Polite Hackers Kick It in Korea. Read more www.internetnews.com: Pirated Vista, Office 2007 Already on The 'Net. Read more www.aclu-wa.org: ACLU Suit Seeks Access to Lawful Information on Internet. Read more

. 17 November 2006 Guides, Papers, etc www.f-secure.com: REALLY want to know what's happening in your system? Read more isc.sans.org: Honeypot Mirroring .edu domains under .eu / Active Threat. Read more www.avertlabs.com: Thats what I call redundancy! Read more www.eweek.com: The Mac Landscape: Full of Empty Threats? Read more www.windowsecurity.com: Tools of the Trade revisited (Part 3). Read more ip.securescience.net: Malware Case Study. Read more securitywatch.eweek.com: Interview: Inside the Mind of a Kernel Hacker. Read more www.2-spyware.com: Real examples of image spam. Read more   Vulnerabilities & Exploits www.itnews.com.au: WinZip 11 launches; bug found in version 10. Read more securitytracker.com: HELM Input Validation Holes Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Kerio WebSTAR Lets Certain Local Users Gain Root Privileges. Read more securitytracker.com: MDaemon Insecure Directory Permissions Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Plesk Input Validation Flaws in 'get_password.php' and 'login_up.php3' Permit Cross-Site Scripting Attacks. Read more securitytracker.com: Ultraseek '/highlight/index.html' Script Lets Remote Users Connect to Other Systems. Read more   Tools: ferruh.mavituna.com: XSS Shell, backdooring the web... ; Read more   News www.theregister.co.uk: VoIP and IE risks star in SANS' threat list. Read more news.com.com: Experts raise Windows security alarm. Read more www.internetnews.com: New Worm Counts On Admins Being Slow To Patch. Read more www.scmagazine.com: Worm uses Real Media files to infect. Read more www.theregister.co.uk: Former IT boss faces hacking charges. Read more www.darkreading.com: Ex-IT Chief Busted for Hacking. Read more searchsecurity.techtarget.com.au: Gartner: Crims will use PS3 to crack crypto. Read more www.theregister.co.uk: Four cuffed over webcam Trojan scam. Read more www.eweek.com: 'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders. Read more www.dailytexanonline.com: Viewpoint: Making crime, and it pays. Read more www.dmnews.com: Click fraud highlights bigger issue for industry: lousy leads. Read more www.kuwaittimes.net: Online hackers' verdict. Read more thescotsman.scotsman.com: Website will name missing child sex offenders. Read more

. 16 November 2006 Guides, Papers, etc blogs.securiteam.com: Site of Polish police defaced. Read more ipcommunications.tmcnet.com: Beware of `evil twins,' and other tips to keep your online life secure. Read more isc.sans.org: Microsoft Black Tuesday Overview (NEW). Read more www.avertlabs.com: The 2007 Botnet Package - 0-day + Parasite + Google ? Read more blogs.ittoolbox.com: The Cure Can Worse Than The Disease. Read more www.webdepot.umontreal.ca: Bangs for the Buck: A Cost-Benefit Analysis of Cyberterrorism. Read more www.securitypark.co.uk: Firewall, encryption and password protection are failing to protect PCs from attacks. Read more www.internetnews.com: Automated Patching Helping Zero-Day Exploits. Read more www.darkreading.com: From Script Kiddie to CTO. Read more   Vulnerabilities & Exploits blogs.securiteam.com: ZDI: Symantec, Kaspersky, CA, MS have unpatched flaws. Read more blogs.securiteam.com: Copy and Paste Security Bugs?? The *BSD case�. Read more passivemode.net: Broadcom Wireless Driver Vulnerability. Read more securitytracker.com: Links SMB URL Parsing Bug Lets Remote Users Upload/Download Files. Read more securitytracker.com: ELinks SMB URL Parsing Bug Lets Remote Users Upload/Download Files. Read more securitytracker.com: Sun Java Runtime Environment Bug in Swing Library Lets Remote Applets Access Data from Other Applets. Read more securitytracker.com: Citrix Access Gateway Discloses Information That May Let Remote Users Compromise the Appliance. Read more securitytracker.com: Citrix Advanced Access Control Lets Remote Authenticated Users Bypass Security Policy. Read more securitytracker.com: WinZip FileView ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.microsoft.com: Windows PowerShell. Read more www.txdns.net: TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. Read more   News www.terra.net.lb: Chinese-language Wikipedia reopened: activists. Read more www.securityfocus.com: Malware goes to the movies. Read more www.theregister.co.uk: The spy - or thief - in your pocket. Read more www.sophos.com: Spanish webcam spies apprehended by authorities, reports Sophos. Read more www.vnunet.com: 'Spyware' trumps 'poker' to top search charts. Read more www.vnunet.com: Internet is 99 per cent porn free. Read more www.windowsitpro.com: The EU Strikes Back: Microsoft Has Still Not Complied. Read more www.theregister.co.uk: ESA adds stunning satellite images to Google Earth. Read more

. 15 November 2006 Guides, Papers, etc isc.sans.org: Malware with new features (NEW). Read more isc.sans.org: SANS Top 20 Update (NEW). Read more www.securityfocus.com: Symantec delivers Mac OS X security report. Read more blogs.securiteam.com: 6 new advisories, only one affects Vista. Read more blogs.securiteam.com: Notes/Domino flaw enables to steal ID files - via NRPC protocol. Read more blogs.securiteam.com: Malware utilizes AJAX to install itself. Read more www.darkreading.com: 800-Pound Gorilla Sits on AV. Read more blogs.msdn.com: How I'll Judge IE7 Security. Read more www.avertlabs.com: W32/Realor.worm - Infecting Movies for Fun and Profit. Read more   Vulnerabilities & Exploits isc.sans.org: Critical security vulnerability in WinZip 10 (NEW). Read more lists.grok.org.uk: AVG Anti-Virus - Arbitrary Code Execution (remote). Read more securitytracker.com: Microsoft Client Service for Netware Buffer Overflows Let Remote Users Execute Arbitrary Code and Crash the System. Read more securitytracker.com: Microsoft Internet Explorer Bug in Rending HTML Layout Combinations May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Agent '.ACF' File Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Windows Workstation Service Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Nucleus Input Validation Holes in 'lib/ADMIN.php' and 'lib/SKIN.php' Permit Cross-Site Scripting Attacks. Read more securitytracker.com: PHP_Debug Include File Bug in 'test/debug_test.php' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: PHPRunner Discloses Passwords to Local Users. Read more securitytracker.com: NuSchool Input Validation Flaw in 'CampusNewsDetails.asp' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: NuStore Input Validation Flaw in 'Products.asp' Lets Remote Users Inject SQL Commands. Read more securitytracker.com: D-Link DWL-G132 Wireless USB Adapter Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: NuCommunity Portal System Input Validation Flaw in 'cl_CatListing.asp' Lets Remote Users Inject SQL Commands. Read more   Tools: www-128.ibm.com: Build a Web spider on Linux. Read more   News www.securityfocus.com: Microsoft patch Tuesday fixes six major flaws. Read more www.securityfocus.com: Microsoft, Mozilla compete on anti-phishing data. Read more www.theregister.co.uk: Meet the world's most prolific spammers. Read more www.theregister.co.uk: OneCare slaps viral warning on Gmail. Read more www.wired.com: Kevin Mitnick's Security Advice. Read more www.pcadvisor.co.uk: Human error ranks as top security worry. Read more www.theregister.co.uk: Korean police break phone sex scam. Read more news.com.com: Microsoft sues alleged spyware pushers. Read more www.microsoft-watch.com: My Mother is a Software Pirate. Read more

. 14 November 2006 Guides, Papers, etc blogs.securiteam.com: Budapest Declaration on machine readable travel documents. Read more blogs.securiteam.com: Team Evil - Incident #2. Read more isc.sans.org: A loan offer or two. Read more www.eweek.com: The Rising Tide of Vista. Read more www.time.com: Linus Torvalds. Read more www.eweek.com: Report: Spyware Threat Marches On. Read more blogs.ittoolbox.com: My Virus Surfs Child Porn. Read more www.mercurynews.com: Study: About 1 percent of Web pages have sexually explicit material. Read more   Vulnerabilities & Exploits securitytracker.com: Novell BorderManager Predictable ISAKMP Cookies May Let Remote Users Conduct Denial of Service and Replay Attacks. Read more securitytracker.com: Broadcom Wireless Device Driver SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: HP Tru64 UNIX libpthread Lets Local Users Gain Root Privileges. Read more securitytracker.com: myStats Permits Cross-Site Scripting and SQL Injection Attacks and Discloses the Installation Path to Remote Users. Read more   News www.securityfocus.com: Researchers flag critical wireless bug. Read more www.theregister.co.uk: Allchin backs away from Vista anti-virus claims. Read more www.betanews.com: Vista, Antivirus: What If Allchin's Right? Read more www.theregister.co.uk: UK bans denial of service attacks. Read more news.com.com: With IE 7, green means go for legit sites. Read more blogs.msdn.com: IE7 Worldwide Distribution by Automatic Updates. Read more www.newsnow.co.uk: Microsoft tags Gmail as a virus. Read more www.out-law.com: Phishing kits banned by new Fraud Act. Read more www.computerworld.com.au: Mutate, fragment, hide: The new hacker mantra. Read more www.washingtonpost.com: Sleepless Over Security Breaches. Read more www.mybroadband.co.za: PornPass Manager infects computers with spyware. Read more www.webuser.co.uk: Online Christmas shoppers at risk. Read more www.terra.net.lb: State can't stop illegal ISPs - but DSL might in Lebanon. Read more

. 13 November 2006 Guides, Papers, etc blogs.securiteam.com: MoKB Wireless Driver Bug - Critical to Windows Systems. Read more isc.sans.org: Quiet day for incidents, IRC channel for discussion (NEW). Read more isc.sans.org: Form Spam: Increasing the Attacker's work function. Read more www.myfoxorlando.com: Video: Cell Phone Viruses. Watch   Vulnerabilities & Exploits isotf.org: The Month of Kernel Bugs (MoKB) released an advisory (MOKB-11-11-2006) today on a wireless vulnerability in Broadcom's wireless driver. Read more securitytracker.com: MailMarshal Directory Traversal Bug on Processing ARJ Archives Lets Remote Users Create Arbitrary Files on the Target System. Read more   News news.softpedia.com: Six Security Bulletins from Microsoft. Read more www.businessweek.com: Nations that Censor the Net. Read more www.theregister.com: IE7 'critical update' causes headaches for managed desktop environments. Read more www.techworld.com: Hacker given 10 years for targeting teenage girls. Read more www.iht.com: Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet. Read more www.nytimes.com: Cyberthieves Silently Copy Your Passwords as You Type. Read more apcmag.com: Vista RTM cracked by pirates before release. Read more www.theregister.com: Security rivals tried to 'castrate' Vista - Gates. Read more www.ecommercetimes.com: Catching Up With Cybercriminals. Read more www.theregister.com: Pennsylvania court says viewing child porn 'not illegal'. Read more www.dailymail.co.uk: Doctors using Google to diagnose illnesses. Read more

. 11 November 2006 Guides, Papers, etc blogs.securiteam.com: SecuriTeam Interview: LMH. Read more windowsvistablog.com: Windows Vista: Defense in depth. Read more www.microsoft.com: Microsoft Security Bulletin Advance Notification. Read more www.websense.com: Web-Attacker Exposed. Read more ddanchev.blogspot.com: The Nuclear Grabber Toolkit. Read more www.2-spyware.com: Another critical vulnerability being exploited. Read more blogs.securiteam.com: Me All - For your wifi pentesting pleasure. Read more isc.sans.org: New Monster Phish Bait. Read more www.ruxcon.org.au: Hit by a Bus: Physical Access Attacks with Firewire. Read more www.websense.com: Security Trends Report, First Half 2006. Read more www.acmqueue.com: Cybercrime - An Epidemic. Read more honeyblog.org: Fun With Botnets. Read more honeyblog.org: Low-Interaction Honeyclient. Read more   Vulnerabilities & Exploits securitytracker.com: Omnistar Article Input Validation Flaws in 'article_id' and 'page_id' Parameters Let Remote Users Inject SQL Commands. Read more securitytracker.com: Citrix Presentation Server IMA Service Bugs Let Remote Users Execute Arbitrary Code and Deny Service. Read more securitytracker.com: Vortex Blog AKA vBlog Include File Flaw in 'cfgProgDir' Parameter Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.linuxdevices.com: Security company prescribes Linux for sick Windows PCs. Read more fileforum.betanews.com: RootkitRevealer 1.71. Read more www.techworld.com: VMware reveals new product features. Read more   News www.securityfocus.com: E-voting worries focus on failures, not fraud. Read more www.securityfocus.com: Web site sting nets child-porn arrests. Read more www.theregister.co.uk: Trojan pervert jailed for child abuse. Read more www.theregister.co.uk: MS preps six fixes for November Patch Tuesday. Read more www.darkreading.com: Phishing Continues Meteoric Rise. Read more www.darkreading.com: 'Hacker Safe:' Safe for Hackers. Read more

. 10 November 2006 Guides, Papers, etc www.microsoft.com: Windows Vista Security Guide. Read more blogs.securiteam.com: Surprise from Microsoft: Detailed patch advance info. Read more blogs.securiteam.com: It�s Y2K, no, it�s 32 bit unix time, no, it�s Slashdot! Read more blogs.securiteam.com: Is security testing more �security� or more �testing? Read more www.f-secure.com: Gromozon vs. Marco Giuliani. Read more www.avertlabs.com: MySpace in China - When Malware Worlds Collide. Read more blog.washingtonpost.com: Phishing Attacks Leapfrog Despite Attempts to Stop. Read more www.crypto.com: Keyboards and Covert Channels. Read more www.eweek.com: Next-Generation Notebook Security Rounding the Corner. Read more www.infoworld.com: Password-cracking contest results. Read more Audio: Security Now 65: Why Is Security So Difficult? Listen   Vulnerabilities & Exploits securitytracker.com: IBM Lotus Notes Lets Remote Users Determine Valid Usernames and Obtain User.ID Keyfiles. Read more securitytracker.com: Intego VirusBarrier X4 Lets Users Bypass Virus Detection. Read more securitytracker.com: SpeedyWiki Lets Remote Authenticated Users Upload Arbitrary Files and Remote Users Conduct Cross-Site Scripting Attacks. Read more securitytracker.com: FreeWebshop Input Validation Holes Permit Cross-Site Scripting Attacks and Include File Attacks. Read more securitytracker.com: libarchive Lets Remote Users Deny Service Via Specially Crafted Archives. Read more   Tools: www.microsoft.com: Windows Sysinternals. Read more   News www.theregister.co.uk: Piracy losses fabricated - Aussie study. Read more www.computerworld.com: Microsoft releases Sony rootkit hunter's tools. Read more www.prisonplanet.com: Google chief vows to protect users' privacy. Read more www.zdnet.com.au: DDoS makes a phishing e-mail look real. Read more www.securityfocus.com: Virus posted to official Google group. Read more www.sophos.com: 10 years jail for hacker who used spyware to blackmail schoolgirls. Read more www.betanews.com: Allchin Suggests Vista Won't Need Antivirus. Read more www.securityfocus.com: Red Hat and VMware make a bundle. Read more www.securityfocus.com: Firefox update aims to lance security bugs. Read more www.theinquirer.net: Anti-spyware anesthetises your OS before going to work. Read more www.sophos.com: Politicans add to the spam problem in run-up to US elections. Read more www.infoworld.com: Forrester: Consumers won't rush to Vista. Read more

. 09 November 2006 Guides, Papers, etc blogs.securiteam.com: The Assimilation of Sysinternals. Read more www.securityfocus.com: Using Nepenthes Honeypots to Detect Common Malware. Read more blogs.securiteam.com: Firefox 1.5.x users not supported after April 2007. Read more www.f-secure.com: Case Wikipedia. Read more isc.sans.org: fragmented packet challenge (NEW). Read more www.zdnet.com.au: 10 things to know about IE7 Security. Read more software.newsforge.com: Inside the Hacker's Profiling Project. Read more geocities.com: Hacking the Malware� A reverse-engineer�s analysis. Read more www.it-observer.com: Web-style Wireless IDS attacks. Read more technology.guardian.co.uk: Why spam is out of control. Read more   Vulnerabilities & Exploits securitytracker.com: IBM Lotus Domino 'tunekrnl' Buffer Overflow Lets Local Users Gain Root Privileges. Read more securitytracker.com: HP OpenView Client Configuration Manager Lets Remote Users Reboot the System or Execute Arbitrary Code. Read more securitytracker.com: Ruby cgi.rb MIME Boundary Parsing Error Lets Remote Users Deny Service. Read more securitytracker.com: Cisco Secure Desktop Bugs Let Local Users Gain LocalSystem Privileges, View Certain VPN Session Data, and Switch Out of the Secure Desktop. Read more securitytracker.com: Mozilla Firefox Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Thunderbird Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Seamonkey Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process. Read more securitytracker.com: Mozilla Firefox RSA Signatures Can Be Forged. Read more securitytracker.com: Mozilla Thunderbird RSA Signatures Can Be Forged. Read more securitytracker.com: Mozilla Seamonkey RSA Signatures Can Be Forged. Read more securitytracker.com: Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more   Tools: www.microsoft.com: BlueScreen Screen Saver v3.2. Read more www.microsoft.com: Sysinternals Suite. Read more   News www.heraldsun.com: Former government security guard convicted in identity theft ring. Read more www.securityfocus.com: Microsoft trains partners to improve security. Read more www.techworld.com: Google in difficult position over Kama Sutra mishap. Read more www.theregister.co.uk: Nuclear war worm fails to explode. Read more www.theregister.co.uk: Attackers end-run around IE security. Read more www.fdlreporter.com: Controversial course teaches spyware writing. Read more www.securitypark.co.uk: Majority of organisations suffer malware attacks. Read more www.theregister.co.uk: Dating site hacker avoids jail. Read more www.techworld.com: Online banking fraud leaps out the till. Read more www.eweek.com: Sophos: Simple Malware Attacks Are Still Dangerous. Read more

. 08 November 2006 Guides, Papers, etc www.benedelman.org: Intermix Revisited. Read more www.eweek.com: Study: Symantec Best at Removing Rootkits; Microsoft Worst. Read more www.f-secure.com: Cat-herding. Read more isc.sans.org: Substantial Increase in Infected System Numbers (is it real?). Read more www.viruslist.com: New modifications of Trojan-Downloader spammed. Read more blogs.msdn.com: Improving SSL: Extended Validation (EV) SSL Certificates Coming in January. Read more blogs.securiteam.com: When Ax1024 isn�t enough. Read more blogs.securiteam.com: M$ Firefox. Read more isiom.wssrl.org: And you though you were safe after SLAMMER, not so, Swarms not Zombies present the greatest risk to our national internet infrastructure. Read more www.symantec.com: Handling Today�s Tough Security Threats. Read more www.ethicalhacker.net: Tutorial: Rainbow Tables and RainbowCrack. Read more   Vulnerabilities & Exploits securitytracker.com: GreenBeast CMS Lets Remote Users View Filenames and Potentially Upload Files. Read more securitytracker.com: Cyberfolio Include File Bug in 'av' Parameter Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: War-FTP File Command Processing Error Lets Remote Authenticated Users Deny Service. Read more securitytracker.com: WFTPD Pro Buffer Overflow in APPE Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Omni-NFS Server Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kerio MailServer Unspecified Bug Lets Remote Users Deny Service. Read more securitytracker.com: IBM WebSphere Application Server Input Validation Hole in Error Page 'faultfactor' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Novell eDirectory Unspecified Bugs Let Remote Users Deny Service and Execute Arbitrary Code. Read more securitytracker.com: Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: ProFTPD Unspecified Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenLDAP BIND Request Lets Remote Users Deny Service. Read more securitytracker.com: Microsoft Internet Explorer 'ieframe.dll' Lets Remote Users Spoof Invalid Certificates. Read more   Tools: www.microsoft.com: Microsoft Baseline Security Analyzer v2.0.1 (for IT Professionals). Read more sourceforge.net: JBroFuzz is a java based stateless network protocol fuzzer for penetration tests. Read more   News www.securityfocus.com: Attackers end-run around IE security. Read more www.theregister.co.uk: US harbours one-in-four phishing sites. Read more news.com.com: Adware may be lurking in video on MySpace. Read more www.eweek.com: Anti-virus Leaders Look to Services for Growth. Read more apcmag.com: Every Vista PC to get a domain name. Read more entmag.com: Security Software Moves Toward Blocking Sites. Read more www.securityfocus.com: Wikipedia targeted by virus writer. Read more www.theregister.co.uk: Chile arrests Nasa hack suspects. Read more www.techworld.com: Security vendor hit by spite attack. Read more www.theregister.co.uk: Dutch spooks give MPs BlackBerry warning. Read more

. 07 November 2006 Guides, Papers, etc blogs.securiteam.com: XML Core Services 0-day. Read more blogs.securiteam.com: P2P: �work from home� mule recruitment and Citibank scam. Read more blogs.securiteam.com: Web (and other) code cross-pollenation. Read more blogs.securiteam.com: kernel bug not patched for over 2 years (but fixed in Vista and 2003). Read more passivemode.net: Prevent the Automatic IE 7 Update. Read more www.f-secure.com: New phishing statistics. Read more www.darkreading.com: A First Look Into the PhishTank. Read more isc.sans.org: Abuse handling and the misfortunes of the good Samaritan (NEW). Read more www.eweek.com: The Spammers Strike Back. Read more blog.assarbad.net: Conclusions drawn from observation of Redpill results wrong? Read more video.google.com: Video: HBO SPECIAL Hacking Democracy. Watch   Vulnerabilities & Exploits projects.info-pull.com: Microsoft Windows kernel GDI local privilege escalation. Read more securitytracker.com: AOL ICQ DownloadAgent() Function Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: xenis.creator Input Validation Holes in 'default.asp' Permit Cross-Site Scripting and SQL Injection Attacks. Read more securitytracker.com: If-CMS Missing Input Validation in 'rns' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: RPM Lets Remote Users Cause Arbitrary Code to Be Executed When Queried in Certain Locales. Read more   Tools: www.betanews.com: Microsoft Launches Virtual Earth 3D. Read more   News www.theregister.co.uk: 0-day bug shatters Windows. Read more www.securityfocus.com: U.S., Korea top list of phishing hosts. Read more www.computerworld.com.au: Microsoft Makes AVG Security Products Available Directly From Windows Security Center in Windows Vista. Read more www.chron.com: Chile arrests 4 accused of hacking NASA, other foreign Web sites. Read more www.theregister.co.uk: Wireless insecurity: do not use the cheerleader defence. Read more torrentfreak.co: Privacy Prevails: German ISP Forced To Delete IP Logs. Read more www.freep.com: Wi-Fi's ease lets hackers sneak in. Read more

. 06 November 2006 Guides, Papers, etc blogs.securiteam.com: ActiveX - reason of the newest Windows 0-day, again. Read more www.computerworld.com: Botnet Threat. Read more www.mcafee.com: STRIPPING DOWN AN AV ENGINE. Read more isc.sans.org: sinFP-2.04 release (NEW). Read more geocities.com: Hacking the Malware� A reverse-engineer�s analysis. Read more www.it-observer.com: 802.11b Firmware-Level Attacks. Read more www.eweek.com: The Real Problem with Voting Security. Read more   Vulnerabilities & Exploits Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Read more securitytracker.com: Microsoft XML Core Services ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Informix Dynamic Server Uses Unsafe Installation Scripts and Directory Permissions That May Let Local Users Gain Elevated Privileges. Read more   Tools: www.gomor.org: Net::SinFP - a Perl module to do OS fingerprinting. Read more www.theregister.co.uk: VMWare plays Lab Manager. Read more www.washingtonpost.com: The Best Security May Still Be Free. Read more   News www.securityfocus.com: New, critical Microsoft Windows 0-day appears. Read more www.zdnet.com.au: Mac virus author admits coding difficulties. Read more www.computerworld.com: Antiphishing fighters take on malware. Read more www.thedenverchannel.com: Investigators: Your Computer Can Be Quickly Controlled By Others. Read more

. 04 November 2006 Guides, Papers, etc www.smh.com.au: My fears for the web's future: Berners-Lee. Read more blogs.securiteam.com: October WebAttacker? Read more blogs.securiteam.com: Wikipedia Blaster �Fix� Points to Malware. Read more arstechnica.com: How to steal an election by hacking the vote. Read more taosecurity.blogspot.com: Real Insider Threats. Read more www.darkreading.com: Microsoft's Security Play. Read more www.technewsworld.com: Macs, Hackers and the Computer Security Game. Read more www.youtube.com: Video: American Election Hacker Tells How to Fix an Election. Watch handlers.sans.org: Pedro�s Malware Analysis Quizes. Read more   Vulnerabilities & Exploits securitytracker.com: iodine DNS Response Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: nss_ldap Error in pam_ldap in Processing PasswordPolicyReponse Messages May Let Remote Users Bypass Authentication. Read more   Tools: www.theregister.co.uk: Veeam monitors 64-bit VMware. Read more   News www.securityfocus.com: FBI nabs suspected identity-theft ring. Read more www.theregister.co.uk: Wikipedia Blaster 'fix' points to malware. Read more aviv.raffon.net: Internet Explorer 7 - Still Spyware Writers Heaven. Read more www.securityfocus.com: Air Force establishing cyberspace command. Read more www.msnbc.msn.com: U.S. pulls Web site said to reveal nuclear guide. Read more www.theregister.co.uk: How to gag your enemies using the DMCA. Read more www.theregister.co.uk: How a virus crashed Homeland Security. Read more www.theregister.co.uk: Spanish judge says downloading is legal. Read more www.usatoday.com: Starbucks loses laptops with data on 60,000 employees. Read more www.philly.com: Court: Viewing, having child porn not equal. Read more

. 03 November 2006 Guides, Papers, etc www.wired.com: The Virus That Ate DHS. Read more blogs.securiteam.com: My name is Macarena and I�m PoC virus for OS X. Read more www.f-secure.com: Bluetooth cracking. Read more www.eweek.com: What PatchGuard Really Breaks. Read more www.infoworld.com: Seven shortcomings of virtual security. Read more sunbeltblog.blogspot.com: Gromozon blowback. Read more www.darkreading.com: Malware Pair Boosts Bots. Read more myweb.cableone.net: Chatter on the Wire: A look at excessive network traffic and what it can mean to network security. Read more aaatchim.blogspot.com: The Visual Basic surprise. Read more www.podtrac.com: Audio: Security Now 64: Your Questions, Steve's Answers - sponsored by Astaro Corp. Watch   Vulnerabilities & Exploits securitytracker.com: PHP Buffer Overflows in htmlspecialchars() and htmlentities() May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apple AirPort Probe Response Frame Memory Error Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.pcworld.com: First Look: McAfee Internet Security 2007 and Symantec Norton Internet Security 2007. Read more   News windowsvistablog.com: Revision to Windows Vista retail licensing terms. Read more www.terra.net.lb: Tech rivals Microsoft and Novell form software alliance. Read more www.itnews.com.au: Hackers aim at Microsoft Visual Studio 2005. Read more www.technewsworld.com: Little Used Service Opens New Vulnerability in XP. Read more www.betanews.com: Mixed Messages from Microsoft on China. Read more news.com.com: FBI nabs phishers in U.S., Eastern Europe. Read more www.itnews.com.au: Spammers gear up for pre-Christmas blitz. Read more www.sophos.com: Sophos extends application control to block distributed computing programs. Read more www.theregister.co.uk: Sophos defends its block on alien hunters. Read more www.networkworld.com: Spam that Delivers a Pink Slip. Read more www.redherring.com: Hacker Academy Launched. Read more today.reuters.co.uk: Real-time arrest made in Internet porn case. Read more

. 02 November 2006 New Trojans of October. Read more   Guides, Papers, etc groups.google.com: Genetic method to detect the presence of any virtual machine. Read more blogs.securiteam.com: Apple Airport 802.11 Exploit Published and the Value of HD Moore. Read more www.itp.net: Selling security. Read more www.avertlabs.com: Watch a live spam bot in action. Read more ddanchev.blogspot.com: Proof of Concept Symbian Malware Courtesy of the Academic World. Read more www.darkreading.com: Built-in Headaches. Read more www.darkreading.com: Not Your Grandpa's Microsoft. Read more www.darkreading.com: Kernel Bugs Come Marchin' In. Read more www.macosxtips.co.uk: Heres an unexpected file hidden in the Mac OS X system files. Read more   Vulnerabilities & Exploits www.securityfocus.com: Microsoft Internet Explorer Unspecified Code Execution Vulnerability. Read more securitytracker.com: Outpost Firewall PRO /Device/Sandbox Insufficent Access Control and Insufficent Input Validation Lets Local Users Deny Service. Read more securitytracker.com: Cisco Security Agent Management Center May Grant Administrative Access to Remote Users. Read more securitytracker.com: Netquery Input Validation Flaw in 'nquser.php' Script in 'User-Agent' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Mirapoint Message Server Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: B-FOCuS Wireless Router Discloses Configuration Files to Remote Users. Read more securitytracker.com: Sun Java Application Server SSLv2 Buffer Overflow Lets Remote Users Deny Service. Read more securitytracker.com: Microsoft Visual Studio WMI Object Broker ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Novell NetMail Buffer Overflow in Username Authentication Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Novell eDirectory BerDecodeLoginDataRequeset() Pointer Error Lets Remote Users Deny Service. Read more securitytracker.com: Novell iManager TREE Parameter NULL Pointer Dereference Lets Remote Users Deny Service. Read more securitytracker.com: Apple Xcode GDB DWARF Binary Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: PHPEasyData Pro Input Validation Flaw in 'cat' Parameter Lets Remote Users Inject SQL Commands. Read more   Tools: www.windowsfordevices.com: Windows CE 6 arrives with 100% kernel source. Read more   News www.theregister.co.uk: Spammers go island hopping to bypass filter. Read more www.theregister.co.uk: Windows Firewall exploit overhyped. Read more www.hbo.com: HACKING DEMOCRACY. Read more www.computerworld.com: Review: Hacks, lies and videotape. Read more news.com.com: Intelligence czar unveils spy version of Wikipedia. Read more www.kaspersky.com: Malicious mass mailing sent using McAfee email address. Read more news.zdnet.com: Google thanks bug hunters. Read more www.theregister.co.uk: VXers target online video. Read more www.pcadvisor.co.uk: Apple hacker highlights insecure Macs. Read more www.washingtonpost.com: 'Hacking' Doesn't Crack the Code. Read more www.twincities.com: Nurse's stolen laptop held patient data. Read more www.nbc4.com: Stolen Laptop Contains ROTC Scholarship Database. Read more www.theregister.co.uk: Domain resale market a 'haven' for phishers. Read more www.technewsworld.com: Holiday Scammers' E-Greeting Card Tactics. Read more

. 01 November 2006 Guides, Papers, etc blogs.securiteam.com: Is the IDS/IPS Still Relevant? Was it ever? Read more blogs.securiteam.com: Petite compression - not only problem of Sophos? Read more www.securityfocus.com: Quantum attacks worry computer scientists. Read more www.securityfocus.com: Employee Privacy, Employer Policy. Read more www.f-secure.com: www.citi.bank. Read more isc.sans.org: Remote DoS in Firefox 1.5.0.7 and Firefox 2 (NEW). Read more blogs.technet.com: Information on New Address Bar Issue. Read more www.darkreading.com: The Web App Security Gap. Read more sunbeltblog.blogspot.com: Follow-up on my earlier post on the ICS exploit. Read more www.microsoft.com: I Know What You Did Last Logon - Monitoring Software, Spyware, and Privacy. Read more www.microsoft.com: Behavioral Modeling of Social Engineering-Based Malicious Software. Read more   Vulnerabilities & Exploits securitytracker.com: Asterisk Has Various Bugs That Let Remote Users Deny Service. Read more securitytracker.com: HP NonStop Server Lets Local Users Access Restricted Files in Certain Cases. Read more www.virusbtn.com: Sophos engine faults disclosed. Read more   Tools: www.windowsecurity.com: PsTools Suite (Part 1). Read more   News www.theregister.co.uk: Russian hacking case can be heard in England, says judge. Read more www.regdeveloper.co.uk: Top firms' websites not ready for IE7. Read more blog.siteadvisor.com: A Halloween Screensaver That Will Make Your Skin Crawl. Read more www.ballardnewstribune.com: Ballard Hospital hit by data theft, check records. Read more www.betanews.com: China Slammed For Internet Blocking. Read more news.com.com: China: We don't censor the Internet. Really. Read more www.virusbtn.com: Two more IE7 bugs downplayed by Microsoft. Read more www.darkreading.com: IE7 Feature Goes Buggy. Read more www.zdnet.com.au: Mobile viruses set to explode. Read more

Copyright� MegaSecurity.org