Home    News Archive    Translate Traducen

News November 2007

29 November 2007 Guides, Papers, etc blogs.securiteam.com: Google handing over a blogger�s IP. Read more www.wired.com: How Does Bruce Schneier Protect His Laptop Data? With His Fists � and PGP. Read more www.zdnet.com.au: 'Friendly rootkits' a must for secure Web shopping? Read more www.mcafee.com: Cyber Crime: A 24/7 Global Battle. Read more www.prnewswire.com: New Research From McAfee, Inc. Reveals Cyber Espionage is a Growing Threat to National Security. Read more canadianpress.google.com: Bots and worms among computer security threats for 2008. Read more blogs.authentium.com: Wow, what a scam! Read more sunbeltblog.blogspot.com: New fake codec -- Windows and Mac -- codechq. Read more sunbeltblog.blogspot.com: More on the massive SEO poisoning -- it was targeted at Google. And it was more crafty than we thought. Read more sunbeltblog.blogspot.com: New trend? Gromozon being installed as a rogue security app. Read more sunbeltblog.blogspot.com: Malware redirects: The aftermath. Read more rbnexploit.blogspot.com: RBN � Google Search Exploits. Read more blog.trendmicro.com: On Malicious Web Sites from Google Searches. Read more erratasec.blogspot.com: The thing that makes candy sweet... Read more www.avertlabs.com: Fun With Symbian Platform Security. Read more www.channelregister.co.uk: America's 8m victims of identity theft. Read more ddanchev.blogspot.com: 66.1 Host Locked. Read more ddanchev.blogspot.com: Which CAPTCHA Do You Want to Decode Today? Read more ddanchev.blogspot.com: A TrustedSource for Threats Intell Data. Read more ddanchev.blogspot.com: Are You Botnet-ing With Me? Read more ddanchev.blogspot.com: I See Alive IFRAMEs Everywhere - Part Two. Read more blogs.ittoolbox.com: Innocent searches for Nov 26 2007. Read more www.eweek.com: Site Hacking for Malice and Profit. Read more www.wired.com: Spammers Giving Up? Google Thinks So. Read more blogs.securiteam.com: SCADA DNP3 Fuzzer. Read more blogs.zdnet.com: Who should bear the burden of de-fanging botnets? Read more isc.sans.org: Treacherous malware: the story of Advatrix. Read more isc.sans.org: Google Search Campaign. Read more isc.sans.org: Reader submitted question on Social-Engineering. Read more www.darkreading.com: Firewalls Ready for Evolutionary Shift. Read more www.darkreading.com: Putting an Attack Into Context. Read more www.darkreading.com: Buffer Overflows Are Top Threat, Report Says. Read more www.darkreading.com: Client, Application Flaws Top SANS Vulnerability List. Read more news.softpedia.com: God, These Google Hackers Are Smart! Read more tv3.co.nz: Claims that Playstation 3 can be used to hack passwords. Read more www.cacr.math.uwaterloo.ca: Handbook of Applied Cryptography. Read more blogoscoped.com: What the Google Intranet Looks Like. Read more www.enisa.europa.eu: Botnets � The Silent Threat. Read more   Vulnerabilities & Exploits www.xdisclose.com: Microsoft FTP Client Multiple Bufferoverflow Vulnerability. Read more ha.ckers.org: ANI Exploit + SQL injection. Read more securitytracker.com Cisco Unified IP Phone Extension Mobility Feature Lets Remote Authenticated Users Eavesdrop. Read more securitytracker.com BEA Plumtree Portal Discloses Internal Hostname and Product Version Number to Remote Users. Read more securitytracker.com BEA Plumtree Portal Search Function Discloses Usernames to Remote Users. Read more securitytracker.com Liferay Enterprise Portal Input Validation Hole in the Forgot Password 'emailAddress' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com Mozilla Firefox Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com IBM Lotus Notes Buffer Overflows in Processing Lotus 1-2-3 Attachments Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Symantec Backup Exec for Windows Servers Lets Remote Users Deny Service. Read more securitytracker.com Mozilla Firefox Referer Header Spoofing Bug Permits Cross-Site Request Forgery Attacks. Read more   News www.computerworld.com: Update: Subverted search sites lead to massive malware attack in progress. Read more www.fbi.gov: 'Bot Roast II' Nets 8 Individuals. Read more www.theregister.co.uk: Inside job suspected in email database hack. Read more www.theregister.co.uk: Microsoft on the hunt for 'serious' Windows flaw. Read more www.channelregister.co.uk: Reported malfunction in PayPal Security Key. Read more www.theregister.co.uk: Hacker defaces temples to OS X. Read more www.informationweek.com: Seagate's MacBook Hard Drive Destroying Data. Read more www.vnunet.com: Experts warn of hacking 'cold war'. Read more www.pcadvisor.co.uk: Hacker says PS3 is a password-cracking genius. Read more

27 November 2007 Guides, Papers, etc sunbeltblog.blogspot.com: BREAKING: Massive amounts of malware redirects in searches. Read more www.f-secure.com: New Vulnerability in QuickTime. Read more isc.sans.org: Apple QuickTime 7.3 RTSP Response 0day. Read more ddanchev.blogspot.com: But Malware is Prone to be Profitable. Read more ddanchev.blogspot.com: Exposing the Russian Business Network. Read more ddanchev.blogspot.com: The State of Typosquatting - 2007. Read more arstechnica.com: Making malware unprofitable: economics key to slowing hackers down. Read more www.avertlabs.com: Pay Up, Or The Computer Gets It! Read more explabs.blogspot.com: Innocent searches for Nov 26 2007. Read more blogs.securiteam.com: Fact of the week: iPhone widgets doesn�t send IMEI. Read more isc.sans.org: Gadget Security. Read more isc.sans.org: Policies - Need them, sure, how do we get them approved? Read more blog.trendmicro.com: A Tell-all Virus. Read more www.vitalsecurity.org: A Portrait of the Artist as a Young Man. Read more www.darkreading.com: Buffer Overflows Are Top Threat, Report Says. Read more www.darkreading.com: UK Government Breach Exceeds Original Estimates. Read more www.f-secure.com: My Egyptian Vacation. Read more www.computerdefense.org: CSRF Hacking Database. Read more blogs.techrepublic.com.com: Teach a man to fish. Read more resources.zdnet.co.uk: The top 10 IT disasters of all time. Read more www.turnergreen.com: INFRINGEMENT NATION: COPYRIGHT REFORM AND THE LAW/NORM GAP. Read more www.podtrac.com: Audio. Security Now 119: Third Party Cookies. Listen   Vulnerabilities & Exploits securitytracker.com: SafeNet Sentinel Products Let Remote Users Traverse the Directory. Read more securitytracker.com: Citrix NetScaler Cookie Weakness May Let Users Access Arbitrary Accounts. Read more securitytracker.com: QuickTime Buffer Overflow in Processing RTSP Content-Type Header Values Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Wireshark Wireshark MP3, DNP, SSL, ANSI MAP, Firebird/Interbase, NCP, HTTP, MEGACO, DCP ETSI, OS/400, PPP, Bluetooth SDP, and RPC Portmap Bugs Let Remote Users Deny Service. Read more securitytracker.com: BitDefender Heap Overflow in 'Oscan' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more   News www.securityfocus.com: Researchers warn of AV software risks. Read more www.theregister.co.uk: QuickTime streaming media exploit targets unpatched bug. Read more www.securityfocus.com: QuickTime exploited by media-handling flaw. Read more www.miamiherald.com: Cyber-age prompts a new war. Read more www.stuff.co.nz: 'Ethical' Kiwi hacker keeps Microsoft busy. Read more www.infoworld.com: Another inconvenient truth: Al Gore's Web site hacked. Read more www.theage.com.au: Flaw leaves Microsoft looking like a turkey. Read more www.reuters.com: Skype encryption stumps German police. Read more www.neowin.net: Man in the browser is new security threat to online banking. Read more www.techworld.com: Criminals burrow into browsers to hack banks. Read more www.computerweekly.com: Social engineering attacks on the rise. Read more www.pcadvisor.co.uk: McAfee: Windows Vista hacks to surge in 2008. Read more computerworld.com: Alleged Cisco hacker convicted in Sweden, bewails fate. Read more www.zdnet.co.uk: What's Going on at Skype? Read more www.computerworld.com: UK youth warned MySpace isn't private (OMG!!!!1). Read more

22 November 2007 Guides, Papers, etc www.f-secure.com: Converting an iPhone into Full-Featured Spy Tool. Read more www.fastcompany.com: Hacking the iPhone. Read more www.fastcompany.com: Video. Hacking the iPhone. Watch ddanchev.blogspot.com: A Botnet of Infected Terrorists? Read more ddanchev.blogspot.com: Mass Defacement by Turkish Hacktivists. Read more sunbeltblog.blogspot.com: Irony: Truly, they have no shame. Read more sunbeltblog.blogspot.com: Example of a money transfer scam site: usps-mailcorp. Read more blog.trendmicro.com: Bad Image for Gameige. Read more blog.dkbza.org: Packers, Time and Google Groups. Read more blogs.ittoolbox.com: Innocent searches for Nov 21 2007. Read more www.heise-security.co.uk: TOR anonymisation network phished, part 2. Read more www.infoworld.com: Is security software becoming a security risk? Read more www.nruns.com: The Death of Defense in Depth ? - revisiting AV Software. Read more www.darkreading.com: Cybercriminals Ready for Banner Holiday Shopping Season. Read more www.darkreading.com: Rethinking Desktop Security. Read more www.infoblox.com: THIRD ANNUAL DNS SURVEY. Read more dns.measurement-factory.com: DNS SURVEY: OCTOBER 2007. Read more isc.sans.org: Social Engineering, just by asking! Read more www.eweek.com: Is the Internet Governable? Read more www.news.com: What are the odds you'll land on a typo-squatting site? Read more www.msnbc.msn.com: WPBF Explains How PC Repair Shops Can Steal Personal Info. Read more blogs.zdnet.com: Is it ethical to turn on wireless security for an open access point? Read more blogs.zdnet.com: Memory test - Firefox 2.0.0.9 vs Firefox 3.0 b 1. Read more   Vulnerabilities & Exploits securitytracker.com: IBM Director Lets Remote Users Deny Service. Read more   News www.theregister.co.uk: Germany seeks malware 'specialists' to bug terrorists. Read more www.smh.com.au: Germany to bug terrorists' computers. Read more www.1888pressrelease.com: Siberian Hacker Shut Down. Read more www.theinquirer.net: 16 year-old 'hacker' designs Internet policy. Read more news.zdnet.co.uk: McAfee: Businesses 'leery' of Vista. Read more

21 November 2007 Guides, Papers, etc www.f-secure.com: Testing TOR Nodes for Man-in-the-Middle Attacks. Read more www.teamfurry.com: TOR exit-node doing MITM attacks. Read more www.teamfurry.com: On TOR. Read more sunbeltblog.blogspot.com: Example of a money transfer scam site: usps-mailcorp. Read more sunbeltblog.blogspot.com: OOF spam suppression. Read more sunbeltblog.blogspot.com: The Kindle. Read more blog.trendmicro.com: Bad Image for Gameige. Read more rbnexploit.blogspot.com: RBN � Fake Codecs. Read more www.securityfocus.com: Don't blame the IDS. Read more www.pcadvisor.co.uk: XP & Vista users wary of Windows 2000 exploit. Read more isc.sans.org: Security 2.0. Read more isc.sans.org: Holiday/Family Incident Response Why and How. Read more www.2-viruses.com: IT managers should think as hackers do. Read more www.teamfurry.com: Illusion - Now you see me, now you don�t. Read more www.abc.net.au: Sudoku may save us from spam. Read more aps.arxiv.org: Escalating The War On SPAM Through Practical POW Exchange. Read more blogs.zdnet.com: In zombies we trust. Read more 12angrymen.wordpress.com: Caveat Emptor - Use of Credit Cards On-Line. Read more   Vulnerabilities & Exploits securitytracker.com: Alcatel OmniPCX Enterprise Lets Remote Users Deny Service and Potentially Intercept Audio. Read more securitytracker.com: Cacti Unspecified Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Citrix NetScaler Input Validation Hole in 'generic_api_call' Permits Cross-Site Scripting Attacks. Read more     News www.itweb.co.za: 100 000 new viruses in 2007. Read more www.tech.co.uk: McAfee: More web-based threats in 2008. Read more www.vnunet.com Security experts forecast stormy 2008. Read more www.wired.com: Firefox 3 Beta 1 Arrives in Fighting Shape. Read more www.computerworlduk.com: Trojan horse gallops through Windows Live Messenger. Read more www.webuser.co.uk: Phone-tapping email hides Trojan. Read more blog.wired.com: Hushmail To Warn Users of Law Enforcement Backdoor. Read more www.usatoday.com: Spam-spitting Storm virus, a year old, is as tricky as ever. Read more government.zdnet.com: Judge: �Personal� spam is not illegal. Read more www.zdnet.co.uk: Yes, Microsoft will support XP until 2014. Read more

20 November 2007 Guides, Papers, etc blog.wired.com: PGP Creator Defends Hushmail. Read more www.eweek.com: Microsoft Could Do More: Windows Update as a Hosting Service. Read more www.viruslist.com: The evolution of technologies used to detect malicious code. Read more www.nsc.liu.se: The Stakkato Attacks. Read more ddanchev.blogspot.com: Large Scale MySpace Phishing Attack. Read more ddanchev.blogspot.com: Another Massive Embedded Malware Attack. Read more isc.sans.org: Guest Editorial: Internet Governance Forum (Gadi Evron). Read more isc.sans.org: The Holidays Cometh. Read more www.darkreading.com: DNS Servers in Harm's Way. Read more www.theregister.co.uk: Email security: Where are we @? Read more resources.zdnet.co.uk: Securing the wireless frontier. Read more explabs.blogspot.com: Big hack today. Read more www.technewsworld.com: Report: E-Commerce Fraudsters' Haul May Reach $3.6B in 2007. Read more www.betanews.com: Surveys: Identity theft more critical than incursion, data loss. Read more www.internetevolution.com: The Future of Internet Immune Systems. Read more www.macworld.com: Study: Internet could run out of capacity in two years. Read more   Vulnerabilities & Exploits securitytracker.com: WordPress Cookie Authentication Flaw Lets Remote Users Access Accounts in Certain Cases. Read more securitytracker.com: Mozilla Firefox subjectAltName:dNSName Attribute Validation Flaw Lets Remote Users Spoof Certificates. Read more securitytracker.com: MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service. Read more   Tools: www.techworld.com: Zimmermann's Zfone now supports Google Talk. Read more   News www.computerworld.com: Hackers jack Monster.com, infect job hunters. Read more blog.wired.com: Hushmail To Warn Users of Law Enforcement Backdoor. Read more www.thelocal.se: FBI investigates Swedish hacker. Read more www.theregister.co.uk: Mozilla hits back at Firefox 3 quality slur. Read more

19 November 2007 Guides, Papers, etc ddanchev.blogspot.com: The "New Media" Malware Gang. Read more ddanchev.blogspot.com: But of Course I'm Infected With Spyware. Read more sunbeltblog.blogspot.com: Adult Friend Finder. Read more isc.sans.org: Overzlobbed. Read more www.cisrt.org: Call1105-??.rar Spams Spread. Read more blog.spywareguide.com: The Myspace Band Hacks: A Victim Speaks. Read more isc.sans.org: Architecture, security and assurance. Read more co4k.warazd.com: MPack Developer: �Just Creating Ammunition�. Read more rbnexploit.blogspot.com: RBN � PC Hijacking via Banner-Ads on Major Web Por... Read more www.symantec.com: Danger - The subject says it all. Read more www.disog.org: Walking through a phish site. Read more hydrogen.oshean.org: Audio. PaulDotCom Security Weekly - Episode 88. Listen blogs.securiteam.com: Mozilla still working on JAR: protocol flaw. Read more www.networkworld.com: One tiny math mistake and the terrorists win? Read more www.infoworld.com: Protect against external threats. Read more www.dailytech.com: When Online Advertising Goes Too Far. Read more www.disog.org: Researching Botnets. Read more   Vulnerabilities & Exploits blog.mozilla.com: jar: Protocol XSS Security Issues. Read more securitytracker.com: AhnLab V3 Internet Security ZIP File Memory Error May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Microsoft Jet Engine Stack Overflow May Let Remote Users Execute Arbitrary Code. Read more     News blog.wired.com: Hacked iPhone No Longer Just a Theory: Demo Turns iPhone into Spy Device. Read more www.nytimes.com: Mozilla Won�t Fix 80% of Firefox 3.0�s Bugs. Read more www.news.com: Firefox 3.0 may ship with a slew of serious bugs intact. Read more news.softpedia.com: Norton, McAfee and Kaspersky Fighting for Seagate�s HDD Security. Read more www.reuters.com: PayPal offers secure way to shop non-PayPal sites.Read more www.airdefense.net: AirDefense's Comprehensive Survey of 3,000 Retail Stores Finds Many Wireless Data Security Vulnerabilities as Holiday Shopping Season Nears. Read more today.reuters.co.uk: "Lust, Caution" prompts virus and medical warnings. Read more www.nytimes.com: In Korea, a Boot Camp Cure for Web Obsession. Read more www.computerworld.com: Microsoft Fixes Gaffe in Time for Patch Tuesday. Read more

17 November 2007 Guides, Papers, etc www.f-secure.com: Video - Live at USENIX '07. Read more www.mckeay.net: Ever heard of a code of ethics? Read more communities.intel.com: Ethics within Information Security. Read more isc.sans.org: Architecture, security and assurance. Read more isc.sans.org: Tiger and Leopard upgrades. Read more ddanchev.blogspot.com: Lonely Polina's Secret. Read more sunbeltblog.blogspot.com: New fake codec: playcodec. Read more sunbeltblog.blogspot.com: Some new twists in the Storm worm. Read more www.thespanner.co.uk: Safari security. Read more www.darkreading.com: Botnets: Whose Fault Are They? Read more www.darkreading.com: Blacklisting Meets Whitelisting. Read more www.infoworld.com: Protect against external threats. Read more blogs.technet.com: More than 490�000 Database Server unprotected on the Web. Read more www.securityfocus.com: Aye, Robot, or Can Computers Contract? Read more www.informationweek.com: Defense In Depth: A Blueprint For Security. Read more resources.zdnet.co.uk: Top five worst IT security mishaps of 2007. Read more www.darkreading.com: Financial Consulting Firm Fixes Security Flaws. Read more www.usatoday.com: Study: Many retailers' wireless data systems easy to hack. Read more www.cl.cam.ac.u A pact with the Devil. Malware propagation strategies which exploit not the incompetence or naivety of users, but instead their own greed, malice and short-sightednes. Read more cr.yp.to: Some thoughts on security after ten years of qmail 1.0. Read more www.lightbluetouchpaper.org: Google as a password cracker. Read more www.disog.org: Audio. Analysis Of Malware Audiocast. Listen podcasts.mcafee.com: Audio. The W32/Virut family of parasitic infectors is discussed, along with the general resurgence in parasitic malware. Listen www.youtube.com: Video. government hacks. Watch   Vulnerabilities & Exploits securitytracker.com: FLAC Buffer Overflows, Double Free Errors, and Other Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: IBM WebSphere Input Validation Hole in 'Expect' Header Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Citrix Presentation Server Published Application Information May Let Remote Users Execute Arbitrary Commands. Read more securitytracker.com: Mac OS X Application Firewall Bugs May Let Remote Users Access the Services on the Target System. Read more     News www.theregister.co.uk: Chinese cyber strikes will be 'like WMD'. Read more www.computerworld.com: Storm botnet spreading malware through GeoCities. Read more www.smh.com.au: Police swoop on 'hacker of the year'. Read more www.computeractive.co.uk: Security firm urges caution when donating online. Read more

16 November 2007 Guides, Papers, etc ddanchev.blogspot.com: First Person Shooter Anti-Malware Game. Read more ddanchev.blogspot.com: Cyber Jihadist Blogs Switching Locations Again. Read more blogs.zdnet.com: Rogue anti-malware lures squirming though Skype. Read more www.symantec.com: Discussion of ActiveX Vulnerabilities. Read more pandalabs.pandasecurity.com: Fake Microsoft Update. Read more wabisabilabi.blogspot.com: Focus on: ClamAV remote code execution. Read more blog.trendmicro.com: YouTube Spoof Site Serving Malware. Read more www.net-security.org: Wi-Fi piggybacking widespread. Read more www.betanews.com: Microsoft wants to play doctor with your home network. Read more www.foxnews.com: Don't Forget to Back Up Your Brain. Read more blogs.authentium.com: You are infected/hacked and it is your fault. Read more www.computerworld.com: What retail wireless security? Read more www.news.com: Microsoft exec calls XP hack 'frightening'. Read more www.podtrac.com: Audio. Security Now 118: Your Questions, Steve's Answers 28. Listen   Vulnerabilities & Exploits securitytracker.com: Samba nmbd Buffer Overflow in Processing GETDC mailslot Requests Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Samba nmbd Buffer Overflow in reply_netbios_packet() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X SecurityAgent Lets Physically Local Users Bypass the Screen Saver Password Mechanism. Read more securitytracker.com: Mac OS X Kernel and Networking Bugs Let Remote and Local Users Deny Service or Execute Arbitrary Code. Read more securitytracker.com: NFS AUTH_UNIX RPC Double Free Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mac OS X WebCore/WebKit Bugs Let Remote Users Execute Arbitrary Code. Read more     News www.theregister.co.uk: Tor embassy 'hacker' raided by Swedish Feds. Read more www.regdeveloper.co.uk: Databases still open to basic attack. Read more www.vnunet.com: Hushmail turns out to be anything but. Read more www.wired.com: Hackers Use Banner Ads on Major Sites to Hijack Your PC. Read more www.computerworld.com: Disappearing Gmail messages baffle users. Read more

15 November 2007 Guides, Papers, etc www.f-secure.com: Virtual Theft at the Habbo Hotel. Read more ddanchev.blogspot.com: Popular Spammers Strategies and Tactics. Read more ddanchev.blogspot.com: Electronic Jihad's Targets List. Read more ddanchev.blogspot.com: Scammy Ecosystem. Read more www.wired.com: Did NSA Put a Secret Backdoor in New Encryption Standard? Read more sunbeltblog.blogspot.com: Rogue ads pushing malware -- how it works. Read more blog.trendmicro.com: PhishIRS Cast Their Net Anew. Read more www.itu.int: ITU Botnet Mitigation Toolkit. Read more www.darkreading.com: Researchers 'Spy' on Web Attackers. Read more www.darkreading.com: Dissecting Malware. Read more isc.sans.org: Incident Handling 101. Read more isc.sans.org: Miscellaneous items. Read more blogs.ittoolbox.com: Banner ads from major sites. Read more www.eweek.com: Trust Is Back In Style. Read more www.infoworld.com: Stopping malware that mutates on demand. Read more   News www.securityfocus.com: Half-million database servers at risk, survey says. Read more www.channelregister.co.uk: eBay Trojan morphs to snare motor victims. Read more www.hardwarezone.com: PDF Malware Crashes Into October Virus Charts. Read more www.techworld.com: Malware adapts to Web 2.0. Read more www.computerworld.com: Apple patches 41 bugs in monster day of fixes. Read more torrentfreak.com: 14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users. Read more www.latimes.com: Yahoo to pay Chinese families. Read more www.dbtechno.com: Comcast Sued For Blocking BitTorrent. Read more

14 November 2007 Guides, Papers, etc www.buslab.org: Cryptanalysis of the Random Number Generator of the Windows Operating System, by Leo Dorrendorf and Zvi Gutterman and Benny Pinkas. Read more www.theage.com.au: The hack of the year. Read more www.eweek.com: Some Ad Networks Are Bad News. Read more ddanchev.blogspot.com: Teaching Cyber Jihadists How to Hack. Read more ddanchev.blogspot.com: p0rn.gov - The Ongoing Blackhat SEO Operation. Read more sunbeltblog.blogspot.com: New fake codec site: zangcodec. Read more sunbeltblog.blogspot.com: Love letters on the MBR. sunbeltblog.blogspot.com: DNS hacks the norm. Read more www.f-secure.com: Microsoft Updates Released. Read more www.f-secure.com: Raining Money Mules. Read more isc.sans.org: New version of cvtwin, now with HTTP upload. Read more isc.sans.org: november black tuesday overview. Read more www.cisrt.org: Mcrsvc.exe, IRCBot.apd. Read more blogs.securiteam.com: Project Hayneedle. Read more observed.de: Project HayNeedle. Read more www.darkreading.com: The Secret Life of a Bot. Read more www.darkreading.com: The World's Biggest Botnets. Read more msmvps.com: Do me a favour - dump Symantec. Read more msmvps.com: MalwareAlarm again.. this time it's www.ok-magazine.com. Read more www.technewsworld.com: The Evolution of Spam, Part 1: New Tricks. Read more www.darkreading.com: IBM Adds CSRF Scanning to Watchfire Tool. Read more www.darkreading.com: It Takes One to Know One. Read more ha.ckers.org: DoSing Via Chargebacks. Read more support.microsoft.com: Support WebCast: Microsoft Security Intelligence Report: Latest trends in vulnerabilities, malware, and potentially unwanted software. Read more www.net-security.org: (IN)SECURE Magazine, Issue 14: Now Available. Read more csrc.nist.gov: User�s Guide to Securing External Devices for Telework and Remote Access. Read more   Vulnerabilities & Exploits securitytracker.com: Adobe ColdFusion CFID/CFTOKEN Bug May Let Remote Users Hijack Sessions. Read more securitytracker.com: Novell Client Lets Local Users Gain Kernel Level Privileges. Read more securitytracker.com: Microsoft Windows DNS Service Insufficent Entropy Lets Remote Users Spoof the DNS Service. Read more securitytracker.com: Ruby SSL Certificate Attribute Verification Bugs Let Remote Users Conduct Man-in-the-Middle Attacks. Read more securitytracker.com: F5 FirePass Input Validation Hole in 'download_plugin.php3' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: WinPcap Bug in bpf_filter_init() Function Lets Local Users Gain Kernel Level Privileges. Read more securitytracker.com: PHP Buffer Overflows, Filtering Bypass, and Configuration Bypass Bugs May Let Users Gain Elevated Privileges. Read more   News www.securityfocus.com: Microsoft closes Windows Shell hole. Read more tech.blorge.com: Microsoft Windows 7 �wishlist� leaked! Read more www.israeltoday.co.il: Israeli researchers find major Microsoft Windows security hole. Read more www.washingtonpost.com: Russia Casts A Selective Net in Piracy Crackdown. Read more www.smh.com.au: Nigerian 'scammer' arrested. Read more www.darkreading.com: Report: Korean Execs Stole $1.8B in Trade Secrets. Read more www.channelregister.co.uk: Chinese Trojan on Maxtor HDDs spooks Taiwan. Read more www.channelregister.co.uk: Windows random number generator is so not random. Read more www.channelregister.co.uk: Multics source code released into the wild. Read more www.heise-security.co.uk: Spam links flying under Google flag. Read more

12 November 2007 Guides, Papers, etc ddanchev.blogspot.com: Yet Another Malware Outbreak Monitor. Read more ddanchev.blogspot.com: Targeted Spamming of Bankers Malware. Read more www.sciencedaily.com: Computer Scientist Fights Threat Of 'Botnets'. Read more www.securityfocus.com: Don't blame the IDS. Read more isc.sans.org: Cyber Jihad? Yeah, right... Read more isc.sans.org: WoW. Read more www.f-secure.com: There's Nothing to See Here, Please Move Along Now. Read more sunbeltblog.blogspot.com: eEye comment spam. Read more www.cisrt.org: Xgame.zip, Do You Receive? Read more blog.trendmicro.com: Blue Sky[pe] predicted today. Good weather for Phishing. Read more www.0x000000.com: Stealing Computer Names In Firefox And MSIE. Read more ha.ckers.org: MySpace Anti-Phishing Techniques Need Work. Read more www.cisco.com: NetFlow Performance Analysis. Read more www.podtrac.com: Audio. Security Now 117: Even More Perfect Paper Passwords. Listen   Vulnerabilities & Exploits blogs.securiteam.com: JAR: protocol vuln - targeting to Google now. Read more securitytracker.com: PCRE Regex Processing Integer Overflows May Let Users Execute Arbitrary Code. Read more securitytracker.com: AOL Radio Buffer Overflow in AmpX ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Mozilla Firefox Input Validation Hole in jar: Protocol Handler Permits Cross-Site Scripting Attacks. Read more     News www.securityfocus.com: Bot master owns up to 250,000 zombie PCs. Read more news.zdnet.co.uk: US 'botmaster' faces 60-year prison spell. Read more computerworld.com: Microsoft drops IE's 'click to activate' nag. Read more news.zdnet.co.uk: Infamous Russian malware gang vanishes. Read more www.computerworld.com: Update: Russian hacker gang vanishes day after moving to China. Read more www.azstarnet.com: Maliciously coded online ad caused Star's Web site problems. Read more blogs.securiteam.com: Another case of the infected HD. Read more news.xinhuanet.com: Bots, spyware top security concern of U.S. gov't IT people. Read more www.theregister.co.uk: IndiaTimes website 'attacks visitors'. Read more www.securityfocus.com: Web attack primes sites to infect visitors. Read more www.wtoctv.com: Computer Hacker Changes Grades at Corporate Academy. Read more www.securityfocus.com: Manhattan business indicted for ID theft. Read more blogs.techrepublic.com.com: Only two fixes from Microsoft on Patch Tuesday next week. Read more

09 November 2007 Guides, Papers, etc www.darkreading.com: The World's Biggest Botnets. Read more ddanchev.blogspot.com: Go to Sleep, Go to Sleep my Little RBN. Read more ddanchev.blogspot.com: Electronic Jihad v3.0 - What Cyber Jihad Isn't. Read more ddanchev.blogspot.com: I See Alive IFRAMEs Everywhere. Read more sunbeltblog.blogspot.com: Seen in the wild: Fake error message pushes, of all things, Google Pack. Read more www.symantec.com: Trojan Writer Lusts for Money from Affiliate. Read more isc.sans.org: yl18.net part II. Read more www.cisrt.org: Really Monitor Your Telephone Line? Read more www.cisrt.org: Dancer.exe, Zhelatin Began Active Again. Read more blog.trendmicro.com: Hidden IFRAMEs Launch Malware En Masse. Read more www.vitalsecurity.org: Myspace Band hacks - STILL active! Read more www.infoworld.com: Protecting the end-user. Read more www.eweek.com: Network Policies Should Be Open, Not Neutral. Read more   Vulnerabilities & Exploits blogs.securiteam.com: JAR: protocol vulnerability in Firefox, word processor applications reported. Read more labs.idefense.com: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability. Read more www.gnucitizen.org: BT Home Flub: Pwnin the BT Home Hub (4). Read more securitytracker.com: HP-UX Aries PA-RISC Emulator Bug Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: OpenLDAP Lets Remote Users Crash the slapd Daemon With Specially Crafted objectClasses Attributes. Read more securitytracker.com: Conga ricci Daemon Connection Limit Lets Remote Users Deny Service. Read more securitytracker.com: Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service. Read more securitytracker.com: Solaris Volume Manager IOCTL Command Validation Flaw Lets Local Users Deny Service. Read more     News www.theregister.co.uk: Hushmail open to Feds with court orders. Read more www.theregister.co.uk: Website for computer security experts hacked. Read more www.techworld.com: Massive ID theft gang busted. Read more www.scmagazineus.com: SecureWorks: Anti-spyware solution scam steals personal financial information. Read more www.theregister.co.uk: Pentagon: Our new robot army will be controlled by malware. Read more

08 November 2007 Guides, Papers, etc www.honeynet.org: Know Your Enemy: Behind the Scenes of Malicious Web Servers. Read more www.symantec.com: The State of Spam. A Monthly Report � November 2007. Read more www.f-secure.com: Security Advisories. Read more blogs.securiteam.com: These days of several XSS vulns on known sites. Read more isc.sans.org: Gone in 3600 seconds: story about TCP Keep-Alives. Read more isc.sans.org: yl18.net mass defacement. Read more isc.sans.org: Top IPv6 Implementation Issues. Read more isc.sans.org: Cyber Jihad Called Off. Read more sunbeltblog.blogspot.com: A little bit of de-fudding on the DNS changing Trojan. Read more sunbeltblog.blogspot.com: Another fake codec -- Windows and Mac. Read more www.darkreading.com: Honeynet Project: Attackers Know Where You Live. Read more www.darkreading.com: The Value of Security Training. Read more www.siliconvalley.com: Study reveals new findings about identity theft perpetrators, victims and methods. Read more www.cisrt.org: Dancer.exe, Zhelatin Began Active Again. Read more www.cisrt.org: Mdesvc.exe, IRCBot.aof. Read more msmvps.com: Reports of malware banner advertisements continue... Read more www.gcn.com: The most powerful anti-spam filter isn�t used enough. Read more nick.brown.free.fr: Memory stick worms. Read more www.intergovworld.com: Public utility's bare insecurities. Read more   Vulnerabilities & Exploits securitytracker.com: Oracle Database XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Cisco Unified MeetingPlace Web Conferencing Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Microsoft DebugView 'Dbgv.sys' Module Lets Local Users Gain Kernel Level Privileges. Read more securitytracker.com: Perl Regex Processing Bug May Let Users Execute Arbitrary Code. Read more securitytracker.com: PCRE Regex Processing Bugs May Let Users Execute Arbitrary Code. Read more securitytracker.com: QuickTime Movie/PICT/QTVR/Java Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Sun Remote Services Net Connect Format String Bug Lets Local Users Gain Root Privileges. Read more securitytracker.com: Mono Integer Overflow May Let Local Users Gain Elevated Privileges. Read more     News blog.wired.com: Encrypted E-Mail Company Hushmail Spills to Feds. Read more www.securityfocus.com: Microsoft warns of Macrovision attacks. Read more www.securityfocus.com: Symantec plans to acquire Vontu. Read more www.theregister.co.uk: QuickTime update fixes code-execution holes. Read more www.2-viruses.com: 2 years in prison for AOL spam scam. Read more www.theregister.co.uk: Hack database, change school grades, go to jail for 20 years (maybe). Read more www.theregister.co.uk: Googlewhack trick used to slip junk mail past spam filters. Read more news.softpedia.com: Hackers with Balls Affecting the Chinese Government. Read more www.theregister.co.uk: Police dismantle global child porn network. Read more news.monstersandcritics.com: Techie jailed due to Airtel mistake: police. Read more

05 November 2007 Guides, Papers, etc ddanchev.blogspot.com: Overperforming Turkish Hacktivists. Read more ddanchev.blogspot.com: Rebranding a Security Vendor. Read more ddanchev.blogspot.com: Managed Fast-Flux Provider. Read more sunbeltblog.blogspot.com: A rather heated debate with a rogue antispyware maker. Read more sunbeltblog.blogspot.com: Some new fake codecs. Read more www.cisrt.org: Game.zip, KeyLogger.rp. Read more www.alex-ionescu.com: Behind Windows x64�s 44-bit Memory Addressing Limit. Read more blogs.securiteam.com: That Mac Trojan�Read more news.softpedia.com: A Not-So-Safe-Email with Symantec Mail Security. Read more isc.sans.org: Daylight Saving Time Reminder for North America (with some exceptions). Read more news.zdnet.com: Police Blotter: Is computer-generated pornography illegal? Read more   Tools: community.corest.com: WifiZoo is a tool to gather wifi information passively. Read more   News software.silicon.com: Storm Worm still evolving - Symantec. Read more networks.silicon.com: Scientists perfecting picture passwords. Read more blog.wired.com: Linux Programmer, Hans Reiser, Faces Murder Trial. Read more www.projo.com: Langevin to study cyber threats. Read more

03 November 2007 Guides, Papers, etc isc.sans.org: root nameserver migration. Read more ddanchev.blogspot.com: Metaphisher Malware Kit Spotted in the Wild. Read more ddanchev.blogspot.com: Yahoo Messenger Controlled Malware. Read more www.avertlabs.com: OSX/Puper: A Real Threat to Macs, or Just More Hype? Read more www.avertlabs.com: Password policy � Length vs. Complexity. Read more www.avertlabs.com: Someone get the mop, we have a data leak! Read more www.cisrt.org: ARP Attack Is So Easy. Read more swatrant.blogspot.com: DomPlayer - Rogue Multimedia Player. Read more swatrant.blogspot.com: Attack of the Google clones. Read more www.vitalsecurity.org: This Skype Worm is pretty distasteful.... Read more blog.spywareguide.com: Skype Worm Preys Upon Good Samaritans..Read more blog.spywareguide.com: BandJammer - Hacking A Myspace Music Profile Near You. Read more blog.trendmicro.com: ZLOB Crosses Over. Read more www.eweek.com: The Web's 12 Scariest Applications. Read more www.darkreading.com: Bots, Bots Everywhere. Read more www.darkreading.com: Threats That Go 'Hack' in the Night. Read more www.technewsworld.com: Do Real-Life Laws Stretch Into Virtual Worlds? Read more www.infoworld.com: Don't laugh at Estonia -- it could happen to you. Read more www.pcworld.com: One in Six PCs Could Be Infected With Malware. Read more www.f-secure.com: Audio - BNR Newsradio. Read more aolradio.podcast.aol.com: Audio - Security Now 116: Your Questions, Steve�s Answers 27. Listen dbacl.sourceforge.net: Can a SPAM filter play Chess?? Read more   Vulnerabilities & Exploits www.gnucitizen.org: Bugs in the Browser: Firefox�s DATA URL Scheme Vulnerability. Read more securitytracker.com: SonicWALL SSL-VPN Client Buffer Overflows in WebCacheCleaner/NeLaunchCtrl ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Symantec Anti Virus for Macintosh Mount Scan Feature Lets Local Users Gain Root Privileges. Read more securitytracker.com: Norton Anti-Virus for Macintosh Mount Scan Feature Lets Local Users Gain Root Privileges. Read more securitytracker.com: Blue Coat ProxySG Management Console Input Validation Hole in Processing CRLs Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code. Read more   Tools: www.computerdefense.org: New IDA Pro Freeware. Read more   News www.theregister.co.uk: Scepticism over cyber-jihad rumours. Read more www.theregister.co.uk: Hackers field malware from fake US election sites. Read more www.theregister.co.uk: Security experts knock spots off Mac OS X Leopard firewall. Read more www.darkreading.com: The Hartford Loses Tapes With Data on 237,000 People. Read more www.darkreading.com: Health Care Provider Adopts Next-Gen Firewall. Read more

02 November 2007 Guides, Papers, etc blogs.securiteam.com: Cryptome: NSA has access to Windows Mobile smartphones. Read more www.zdnet.com.au: More malware means good news in security fight. Read more www.viruslist.com: Virus Top 20 for October 2007. Read more www.f-secure.com: Don't Update With That Update.exe. Read more sunbeltblog.blogspot.com: Bundle of mayhem: mmcodecs. Read more sunbeltblog.blogspot.com: Sunbelt's annual Halloween madness. Read more sunbeltblog.blogspot.com: Mac trojan overhype? You tell me. Read more isc.sans.org: DNS changer Trojan for Mac (!) in the wild. Read more www.avertlabs.com: The Captcha Challenge. Read more www.avertlabs.com: Thin client insecurity (and other terrible implementation ideas). Read more www.avertlabs.com: Passive Host Characterization. Read more www.avertlabs.com: Puper (Zlob): What Are the Attackers Targeting? Read more www.cisrt.org: Is Really Microsoft Security Update? Read more ha.ckers.org: Malware Solving CAPTCHAs. Read more www.wired.com: New Apple Trojan Means Mac Hunting Season Is Open. Read more blogs.securiteam.com: Symbian S60 3rd edition hacked - and Nokia�s October response. Read more isc.sans.org: Digital cartographers. Read more isc.sans.org: Salesforce.com issue? Read more blogs.dekoh.com: Signed Java Applets broken on Vista. Read more www.eweek.com: OPOC Is Dead. Read more www.auto.tuwien.ac.at: The 5th ACM Workshop on Recurring Malcode (WORM 2007). Read more   Vulnerabilities & Exploits securitytracker.com: Zaptel Buffer Overflow in 'sethdlc.c' Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: IBM WebSphere Application Server Input Validation Hole in 'uddigui/navigateTree.do' Page Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Perdition Format String Bug in IMAP Proxy Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Novell BorderManager Buffer Overflow in clntrust.exe Lets Remote Users Execute. Read more securitytracker.com: Macrovision InstallShield Unsafe Method in Update Service ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: CUPS Buffer Overflow in ippReadIO() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: McAfee E-Business Server Heap Overflow in Processing Authentication Packets Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: IBM WebSphere Application Server API Grants Access to Remote Users. Read more securitytracker.com: Symantec Altiris Deployment Solution Lets Local Users Gain System Privileges. Read more securitytracker.com: Symantec Altiris Deployment Solution Directory Traversal Discloses File Contents to Local Users. Read more securitytracker.com: Apple Xcode Bugs Let Local Users Gain System Privileges. Read more securitytracker.com: IBM AIX Various Application Buffer Overflows Let Local Users Gain Root Privileges. Read more   Tools: loudtalks.com: Loudtalks is a little application, which allows you to talk to your friends or colleagues instantly with a single touch of a button. Read more   News www.computerworld.com: WHOIS stays as is for now. Read more www.securityfocus.com: Mac users face Trojan threat. Read more www.americanbanker.com: The New Enemy: A Trojan Worse Than Phishing. Read more www.washingtontimes.com: Chinese military boosts hacking. Read more www.technewsworld.com: Ron Paul Campaign Swept Up in Botnet Spam Scandal. Read more www.debka.com: Al Qaeda declares Cyber Jihad on the West. Read more www.computerworld.com: Experts diss rumored cyber-jihad set for Nov. 11. Read more www.securityfocus.com: Fraud dresses up as skeletons, FTC complaints. Read more www.washingtonpost.com: Hackers Unlock Violence in 'Manhunt 2'. Read more www.computerworld.com: Nanotech will replace disk drives in 10 years, researcher says. Read more

Copyright� MegaSecurity.org