Home    News Archive    Translate Traducen

News December 2007

29 December 2007 Guides, Papers, etc gyaku.jp Regulating the Japanese cyberspace, one step at a time. Read more blogs.securiteam.com When fixing is not enough. Read more sunbeltblog.blogspot.com Dog's breakfast continues on Blogger. Read more sunbeltblog.blogspot.com Security and Software as a Service (SaaS). Read more sunbeltblog.blogspot.com New fake codec site -- Windows and Mac -- codecult... Read more ddanchev.blogspot.com The New Media Malware Gang - Part Two. Read more ddanchev.blogspot.com Riders on the Storm Worm. Read more www.pcworld.idg.com.au The 2007 security hall of shame. Read more www.viruslist.com Calling the hyve. Read more www.esecurityplanet.com Ranetif Worm Opens Back Door, Infects Files. Read more www.cisrt.org New-Year2008-imgaes.zip & Happy2008.zip. Read more blogs.zdnet.com Erosion of privacy is a corporate strategy. Read more www.viruslist.com Coordinated distributions method for tracking botnets sending out spam. Read more www.eweek.com Inside a Modern Malware Distribution System. Read more www.enterprisenetworkingplanet.com Secure Your WLAN With Aircrack-ng. Read more www.wi-fiplanet.com How to Choose the Best WRT54G Router for You. Read more www.dailydomainer.com Who Is Really Monitoring Your Domain Searches? Read more img.domaintools.com SSAC Advisory on Domain Name Front Running. Read more msmvps.com Disabling DNS dynamic updates. Read more www.arbornetworks.com Audio. eBizQ Security Podcast: The Ever-More Deadly Evolution of Malicious Software. Listen www.arbornetworks.com Audio. Security Bites Podcast: FBI cracks down on bot herders. Listen www.arbornetworks.com Audio. How Botnets Are Lo-bot-omizing Your PC. Listen www.arbornetworks.com Audio. The Rise of For-Profit Botnets. Listen   Vulnerabilities & Exploits aluigi.altervista.org CoolPlayer. buffer-overflow in CPLI_ReadTag_OGG. Read more aviv.raffon.net Google Toolbar Dialog Spoofing Vulnerability. Read more securitytracker.com Joomla! Input Validation Hole Permits Cross-Site Request Forgery Attacks. Read more   Tools: utilitymill.com Exe_Dump_Utility. Read more   News www.securityfocus.com Microsoft offers peek into "juicy" flaw details. Read more www.theregister.co.uk Bhutto murder used to spread malware. Read more arstechnica.com Trojan capitalizes on Bhutto assassination in under 24 hours. Read more www.darkreading.com US-Based Chinese News Site Gets DDOSed. Read more techdirt.com Microsoft Seeks Patent On Monitoring Employees' Brains. Read more www.washingtonpost.com Dog Owner Takes On China's Web Censors. Read more arstechnica.com Nokia 4G wireless tech hits 173Mbps in real-world test. Read more

28 December 2007 Guides, Papers, etc www.securityfocus.com Fake codecs continue to plague searches. Read more www.eweek.com Instability and Modern Anti-Virus Software. Read more www.chron.com Hackers may threaten economy. Read more blogs.technet.com MS07-063 - The case of the insecure signature. Read more blogs.technet.com MS07-065 - The case of the significant suffix. Read more sunbeltblog.blogspot.com New rogue antispyware variant. Read more sunbeltblog.blogspot.com Fake codecs on Blogger. Read more sunbeltblog.blogspot.com List of deceptive music sites. Read more sunbeltblog.blogspot.com Shutterbugging it on Christmas Eve. Read more sunbeltblog.blogspot.com Malware gangs gettin' busy with holiday love. Read more ddanchev.blogspot.com Spreading Malware Around the Christmas Tree. Read more rbnexploit.blogspot.com RBN � New and Improved Storm Botnet for 2008. Read more www.cisrt.org Benazir Bhutto Assassination. Read more www.cisrt.org Warezov.xa, New Year E-card. Read more erratasec.blogspot.com MSN messenger built-in AV. Read more blog.trendmicro.com Bhutto Assassination: JavaScripted. Read more www.symantec.com Assassination Fascination. Read more www.avertlabs.com Benazir Bhutto Assassination: New Avenue for Spreading Malware. Read more www.avertlabs.com On the path to cross platform exploits. Read more www.avertlabs.com Morphing (Your Own) Documents into 2008. Read more www.eweek.com Where Does TJX Lie on the Naughty-Nice Line? Read more blogs.zdnet.com Vista deactivates me for upgrading motherboard firmware. Read more www.darkreading.com Security's Biggest Train Wrecks of 2007. Read more www.darkreading.com Storm Darkens Christmas, Takes Aim at New Year's. Read more www.technewsworld.com Google Kerfuffle Leaves Bloggers' Feathers Ruffled. Read more aolradio.podcast.aol.com Audio. Security Now 124: Listener Questions 31. Listen   Vulnerabilities & Exploits securitytracker.com Novell Identity Manager 'asampsp' Process Can Be Crashed By Remote Users. Read more securitytracker.com AOL YGP Picture Editor Buffer Overflows Let Remote Users Deny Service. Read more securitytracker.com ZyXEL Wireless Router Input Validation Hole Permits Cross-Site Scripting Attacks. Read more   News www.securityfocus.com Storm Worm offers coal for Christmas. Read more www.theregister.co.uk New Year's Eve greetings disguise Storm Worm attacks. Read more www.boston.com US cites threats to businesses abroad. Read more www.infoworld.com Microsoft sues domain name registrar for typosquatting. Read more www.latimes.com EBay goes far to fight fraud -- all the way to Romania. Read more www.computerworld.com Microsoft's Windows Home Server corrupts files. Read more www.dailynews.com Porn industry frets over security breach. Read more www.theregister.co.uk Man uses mobe as modem, rings up �27k phone bill. Read more news.bbc.co.uk Police data details found at dump. Read more www.theregister.co.uk German police hunt 12,000 strong child abuse ring. Read more www.theregister.co.uk Gmail exploit aids domain hijack. Read more

25 December 2007 Guides, Papers, etc www.f-secure.com It's a Stormy Christmas Eve..Read more www.f-secure.com No Storm This Christmas. Read more www.disog.org The silent Storm and Javascript Decoding. Read more blog.trendmicro.com Here comes Storm again. Read more ddanchev.blogspot.com Spreading Malware Around the Christmas Tree. Read more ddanchev.blogspot.com Pinch Variant Embedded Within RussianNews.ru. Read more www.cisrt.org Zhelatin.pd, stripshow.exe. Read more www.cisrt.org Zhelatin.pe, Christmas Greeting Ecards. Read more www.cisrt.org Spams with Hard.zip. Read more isc.sans.org A Christmas Packet Challenge. Read more isc.sans.org Anticipated Storm-Bot Attack Begins. Read more isc.sans.org Getting a web browser without a web browser? Read more www.symantec.com Is Trojan.Zlob Getting Honest? Naaahh...Read more www.microsoft.com Island Hopping: The Infectious Allure of Vendor Swag. Read more blogs.securiteam.com From description to exploit. Read more www.roughlydrafted.com Vista vs Mac OS X Security: Why George Ou�s ZDNet Vulnerability Numerology is Absurd. Read more arstechnica.com Report: antivirus applications getting weaker over time. Read more www.openrce.org RDP Botnets : Malware Google Dorking - Not an Easy Task. Read more www.vnunet.com 2007 Roundup: The march of the botnets. Read more www.theregister.co.uk Vista sets 2007 land-speed record for copying and deleting. Read more www.viruslist.com Coordinated distributions method for tracking botnets sending out spam. Read more www.secniche.org Google Metacharacter [*] Spamdexing Bug. Read more rbnexploit.blogspot.com RBN � $$$ - the retail payment systems. Read more www.secniche.org Real Time Hacking : ISA Server. Read more www.ics.forth.gr Detecting Targeted Attacks Using Shadow Honeypots. Read more www.secniche.org Detecting Vmwares Remotely. Read more podcasts.mcafee.com Audio. McAfee's AudioParasitics Episode 24. Virtual Criminology. Listen podcasts.sophos.com Audio. Surfing the pump-and-dump wave. Listen   Vulnerabilities & Exploits Adobe Flash Content May Permit Cross-Site Scripting Attacks. Read more   News www.icwt.us Tens of Thousands of Adult Website Records Compromised. Read more economictimes.indiatimes.com Cyber crime wing arrests 12-member hacker gang in Bangalore. Read more

22 December 2007 Guides, Papers, etc blogs.securiteam.com Cryptome: NSA has real-time access to Hushmail servers. Read more www.news.com Security firms on police spyware, in their own words. Read more www.viruslist.com The darker side of online virus scanners. Read more blogs.securiteam.com New Security Threats & Solutions. Read more blogs.securiteam.com �Tis the season. Read more ddanchev.blogspot.com ClubHack 2007 - Papers and Presentations. Read more ddanchev.blogspot.com Russia's FSB vs Cybercrime. Read more www.websense.com ARP spoofing HTTP infection malware. Read more www.avertlabs.com Rootkits in China Part 1. Read more winnow.oitc.com Antivirus Performance. Read more www.f-secure.com Pinch Malware Authors Busted. Read more www.f-secure.com Arrested Mules. Read more www.darkreading.com Tech Insight: Microsoft's IPSec. Read more www.darkreading.com Your Customer: The New Insider Threat. Read more seattletimes.nwsource.com Anti-virus program, ISP limits may cause computer's timeout. Read more www.securityfocus.com Real Flaws in Virtual Worlds. Read more www.itbusinessedge.com Security Staffs Must Beware as Hackers Knock on the Backdoor. Read more www.microsoft-watch.com IE 8 and the New Browser War. Read more www.infoworld.com A side of hash. Readmore www.informit.com Social, Legal, and Ethical Issues in Computing: Errors, Failures, and Risk. Read more www.disog.org The silent Storm and Javascript Decoding. Read more www.0x000000.com Why Signature Detection Fails. Read more msmvps.com Acid2 fisticuffs (yes, I am joking) ;o) Read more www.vitalsecurity.org Reaction to yesterday's takedown. Read more www.courttv.com Upcoming on CourtTV. Tuesday, December 25 at 11 and 11:30pm E/P. This v�rit� action series follows Tiger Team � a group of elite professionals hired to infiltrate major business and corporate interests with the objective of exposing weaknesses in the world�s most sophisticated security systems, defeating criminals at their own game. Read more   Vulnerabilities & Exploits securitytracker.com IBM Content Manager for z/OS Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com IBM Domino Web Access 'dwa7w.dll' ActiveX Control Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com autofs Lets Local Users Gain Elevated Privileges. Read more securitytracker.com HP-UX rpc.yppasswdd Bug Lets Remote Users Deny Service. Read more securitytracker.com HP Tru64 File-on-File Mounting File System Bug Lets Local Users Deny Service. Read more securitytracker.com Ingres Database Grants Remote Users Access to the Database with the Incorrect Privileges. Read more securitytracker.com HP Software Update ActiveX Control Has Unsafe Method That Lets Remote Users Damage Files or Execute Arbitrary Code. Read more securitytracker.com Citrix Web Interface Input Validation Hole in Online Help Permits Cross-Site Scripting Attacks. Read more securitytracker.com Opera Bugs Permit Code Execution and Cross-Domain Scripting Attacks. Read more securitytracker.com libexif Infinite Recursion Bug Permits Denial of Service Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Cisco Firewall Service Module Application Inspection Bug Lets Remote Users Deny Service. Read more   News www.theregister.co.uk Serious Flash vulns menace tens of thousands websites. Read more www.theregister.co.uk Click here to turn your HP laptop into a brick. Read more www.theregister.co.uk Russian Feds close in on Pinch Trojan authors. Read more www.channelregister.co.uk Kaspersky false alarm quarantines Windows Explorer. Read more www.channelregister.co.uk Anti-virus protection gets worse. Read more www.theregister.co.uk Skipton in lost laptop security woes. Read more www.theregister.co.uk Ad hijacking Trojan targets Google. Read more news.zdnet.co.uk Google 'powerless' to stop AdSense theft. Read more www.news.comRead more www.smh.com.au Police raid penis enlargement spammer. Read more www.computerworld.com Apple files patent for WGA-style anti-piracy tech. Read more

21 December 2007 Guides, Papers, etc enews.penton.com Malware Evolves to Bypass Common Controls. Read more www.marrowbones.com Orkut Worm Code (and why was Google so slow to respond?). Read more ddanchev.blogspot.com Inshallahshaheed - Come Out, Come Out Wherever You Are. Read more ddanchev.blogspot.com Pushdo - Web Based Malware as Usual. Read more www.cisrt.org Google/Orkut Worm Outbreak. Read more blog.wslabi.com Focus On: MySQL remote code execution. Read more www.vitalsecurity.org Stock Trading Spam Hits Flickr. Read more www.darkreading.com Hacking a New DNS Attack. Read more www.f-secure.com Red Cross money mule recruitment. Read more blogs.technet.com MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue. Read more support.microsoft.com Internet Explorer 6 crashes after you install security update 942615 on a computer that is running Windows XP Service Pack 2. Read more www.eweek.com Your Spammer May Be a Victim, Too. Read more isc.sans.org Adobe Flash Player and GoLive security updates. Read more isc.sans.org Got a HP laptop and running windows? Time to patch! Read more www.darkreading.com Pen Testing Goes Reality TV. Read more www.darkreading.com Putting Up Your Cyber Defenses. Read more www.darkreading.com Navigating the 'C' of Network Discovery. Read more swatrant.blogspot.com Zlob fake codecs in Google Groups. Read more blog.trendmicro.com Google Toolbar: Beware of Buttons. Read more rbnexploit.blogspot.com RBN � $$$ - the retail payment systems. Read more ha.ckers.org Google Spamming Us. Read more blogs.securiteam.com beThere backdoor still there. Read more anti-virus-rants.blogspot.com when is a botnet not a botnet? Read more badmalweb.com Rebecca the Webmaster - BadWare Case Study. Read more www.podtrac.com Audio. Security Now 123: JungleDisk. Listen   Vulnerabilities & Exploits securitytracker.com Sun Management Center (SunMC) Lets Remote Users Access the Database. Read more securitytracker.com Sun Ray Device Manager Daemon Lets Remote Users Create/Delete Directories and Deny Service. Read more securitytracker.com Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code, Scan Ports, and Conduct HTTP Request Splitting and Cross-Site Scripting Attacks. Read more securitytracker.com Clam AntiVirus Integer Overflow in Processing MEW Packed Files Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Asterisk Lets Remote Users Bypass Host-based Access Controls in Certain Cases. Read more   Tools: blogs.zdnet.com First Look at Firefox 3.0 Beta 2. Read more www.computerworld.com Plexiglas-like DVD to hold 1TB of data. Read more www.gnucitizen.org General Purpose Fuzzer.py. Read more   News www.channelregister.co.uk Portuguese-speaking worm attacks Google Orkut users. Read more www.viruslist.com Pinch authors pinched. Read more www.channelregister.co.uk Dutch arrest 14 mules in ABN AMRO scam. Read more www.channelregister.co.uk Indonesian hacker touches souls by bringing down police website. Read more www.computerworld.com 'Bricking' bug threatens most HP, Compaq laptops. Read more news.zdnet.co.uk Veracode tool scans for developer backdoors. Read more www.channelregister.co.uk Microsoft spits out final XP service pack, beta version. Read more www.news.com Warning sounded over 'flirting robots'. Read more

19 December 2007 Guides, Papers, etc www.wired.com The Great Firewall: China's Misguided � and Futile � Attempt to Control What Happens Online. Read more www.secureworks.com Pushdo - Analysis of a Modern Malware Distribution System. Read more www.eweek.com Closing a Hole in AV Software Testing. Read more www.cs.utexas.edu How To Break Anonymity of the Netflix Prize Dataset. Read more ddanchev.blogspot.com 209.1 Host Locked. Read more ddanchev.blogspot.com Cyber Jihadist Hacking Teams. Read more www.youtube.com Video. Phishing Demo - Rock Phish Kit. Watch sunbeltblog.blogspot.com Another security company succumbs to temptation. Read more www.f-secure.com Happy New Year... .exe? Read more isc.sans.org Apple Security Update 2007-009. read more msmvps.com Malicious banner adverts .. they haven't gone away. Read more www.0x000000.com DollarRevenue Fined For 1M Euro. Read more www.wired.com Dec. 18, 1987: Perl Simplifies the Labyrinth That Is Programming Language. Read more   Vulnerabilities & Exploits www.cisrt.org HP Info Center HPInfoDLL.dll ActiveX Control Vulnerability. Read more securitytracker.com iChat Lets Remote Users on the Local Network Initiate Unauthorized Video Chats. Read more securitytracker.com Safari SubFrame Navigation and RSS Feed URL Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code. Read more securitytracker.com Apple Mail May Use Plaintext Authentication When SMTP Authentication is Selected. Read more securitytracker.com Mac OS X Multiple Bugs Permit Remote Code Execution, Local Privilege Escalation, Cross-Site Scripting Attacks, and Information Disclosure. Read more securitytracker.com Syslog-ng Timestamp NULL Pointer Dereference Bug Lets Remote Users Deny Service. Read more securitytracker.com Net::DNS Bug in Processing DNS Response Packets Lets Remote Users Deny Service. Read more securitytracker.com Scponly May Let Remote Authenticated Users Execute Arbitrary Commands. Read more   News www.theregister.co.uk MS to bundle 'broken' random number tool in Vista SP1. Read more www.darkreading.com New Service Detects Backdoors in Software. Read more www.theregister.co.uk Dutch regulator slaps spyware purveyors with �1m fine. Read more www.pcworld.com Microsoft Lets Everyone Try Windows XP SP3. Read more www.gartner.com Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks. Read more www.computerworld.com Update: Bugs in IE, Gmail allow hackers to hijack public PCs, researchers say. Read more

17 December 2007 Guides, Papers, etc papers.ssrn.com The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident. Read more www.time.com Enemies at The Firewall. Read more resources.zdnet.co.uk Cracking open the cybercrime economy. Read more www.hackosis.com Concept: Security by Deception with Emulation. Read more www.f-secure.com Fake Adult Friend Finder Greeting Cards. Read more isc.sans.org Responding to a file-parsing application attack. Read more www.cisrt.org Card from Adult Sex Finder? Read more sunbeltblog.blogspot.com Another DNSChanger codec variant to stay away from - codecnice. Read more sunbeltblog.blogspot.com This is not cool. Read more blog.trendmicro.com Hackers Eye .MDB. Read more ddanchev.blogspot.com Cached Malware Embedded Sites. Read more ddanchev.blogspot.com Have Your Malware In a Timely Fashion. Read more ddanchev.blogspot.com Combating Unrestricted Warfare. Read more www.eweek.com DNSSEC Is Dead, Stick a Fork in It. Read more aolradio.podcast.aol.com Audio. Security Now 122: Listener Feedback #30. Liten craphound.com Audio. The Hacker Crackdown Read more   Vulnerabilities & Exploits securitytracker.com Solaris NFS Kernel Bug Lets Remote Authenticated Users Gain Privileged Access in Certain Cases. Read more securitytracker.com Novell GroupWise Stack Overflow in Processing IMG SRC Tag Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Juniper JUNOS BGP and IPv6 Bugs Let Remote Users Deny Service. Read more securitytracker.com QuickTime QTL File and Flash Media Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com HP-UX DCE Lets Remote Users Deny Service. Read more securitytracker.com Gentoo Portage May Disclose Information to Local Users. Read more   Tools: www.owasp.org SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Read more www.computec.ch The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. Read more xenion.antifork.org The Cookie Tools 0.3. Read more sourceforge.net EchoVNC is a secure, "firewall-friendly" remote-desktop tool with support for VNC, Remote Desktop, and RAdmin servers and viewers. Read more   News www.securityfocus.com Apple patches flaws in QuickTime. Read more www.theregister.co.uk Apple keeps critical security fixes to itself. Read more www.theregister.co.uk Botnets linked to political hacking in Russia. Read more www.techcrunch.com Facebook Sues Porn Company Over Hacking Attempt. Read more mcwresearch.com Top US Military Labs pwned by spear phishing. Read more www.stuff.co.nz Banks confident of consensus on Internet code. Read more www.spaminspector.org Cyber police arrest kingpin and 11 others of a hacking gang. Read more news.zdnet.co.uk Google develops Wikipedia rival. Read more www.securecomputing.net.au Australia-wide online child predator network dismantled. Read more www.spaminspector.org TN man held for hacking bank accounts. Read more www.wired.com Hans Reiser Murder Trial Zeros in on Odd Behavior. Read more 66.225.202.210 RIAA versus Grandma, Part II: the showdown that wasn't. Read more

14 December 2007 Guides, Papers, etc isc.sans.org SquirrelMail package compromise. Read more isc.sans.org Important upgrade for Juniper routers. Read more isc.sans.org QuickTime 7.3.1 released addresses RTSP vulnerability. Read more www.joelesler.net Quicktime 7.3.1 Update is out. Read more isc.sans.org A day in the life of a firewall log. Read more www.f-secure.com Turkish Defacement. Read more www.f-secure.com Warezov Continues. Read more msmvps.com I want my 4 hours damn it!!! Read more msmvps.com An Internet Explorer Automatic Component Activation (IE ACA) Update Preview is available. Read more www.avertlabs.com No more W32/Voterai.worm? Read more www.cisrt.org Christmas Day Coming, Malwares Coming. Read more ddanchev.blogspot.com Combating Unrestricted Warfare. Read more ddanchev.blogspot.com Phishing Metamorphosis in 2007 - Trends and Developments. Read more www.darkreading.com Spam Reaching Record Volumes, Researchers Say. Read more www.securityfocus.com Survey: Privacy breaches rampant in corporations. Read more lauren.vortex.com Fears of ISP "Man in the Middle" Security Attacks. Read more www.smh.com.au The hunt for Russia's web crims. Read more www.smh.com.au Internet hijackers pull the money. Read more www.smh.com.au Is internet banking safe? Read more www.smh.com.au In the world of emails, junk rules. Read more weblog.infoworld.com Don't be a phishing vigilante. Read more www.gcn.com NIST working on new method for finding software bugs. Read more www.codinghorror.com Has CAPTCHA Been "Broken"? Read more www.0x000000.com Hacking 27Mhz Wireless Keyboards. Read more www.ipetitions.com Banning Bots in AIM Chat Rooms. Read more   Vulnerabilities & Exploits securitytracker.com Symantec Mail Security Buffer Overflows in Processing Lotus 1-2-3 Attachments Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Kerio WinRoute Firewall May Let Remote Users Bypass Authentication. Read more securitytracker.com Websense Enterprise Lets Remote Users Bypass Web Filtering With Modified User-Agent Values. Read more securitytracker.com Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks. Read more securitytracker.com WebLogic Mobility Server Image Converter Lets Remote Users Access Resources. Read more securitytracker.com Red Hat autofs Lets Local Users Gain Root Privileges. Read more securitytracker.com HP Info Center 'HPInfoDLL.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service. Read more securitytracker.com MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges. Read more securitytracker.com MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges. Read more securitytracker.com Trend Micro Antivirus Format String Bug in Processing UUE Files Lets Remote Users Deny Service. Read more   Tools: www.pcw.co.uk AVG Anti-Virus Free 7.5.503a1224. Read more   News www.securityfocus.com Microsoft patches DirectX, Internet Explorer. Read more www.theregister.co.uk Update glitch derails Kaspersky. Read more www.theregister.co.uk Privacy storm descends on Dutch health care database. Read more www.computerworlduk.com One in five PCs infected with silent rootkits. Read more www.computerworlduk.com Botnet-controlled Trojan robbing UK online bank customers. Read more www.businessweek.com Hackers Likely to Target Chinese Users in 2008. Read more news.findlaw.com Polish police detain 29 suspected of spreading child pornography. Read more blog.wired.com Witnesses: Hans Reiser Acting Strange After Wife Went Missing -- Update. Read more www.switched.com Amazon Kindle Hacked, Leading to More E-Books for Readers. Read more

12 December 2007 Guides, Papers, etc www.securityfocus.com The Man in the Machine. Read more www.securityfocus.com Copyrights and Wrongs. Read more www.computerweekly.com Web 2.0 creates �Trojan 2.0� threat. Read more www.f-secure.com Year-End Updates from Microsoft. Read more support.microsoft.com An update that improves the performance, responsiveness, and reliability of Windows Vista is available. Read more www.f-secure.com Security Advisories. Read more f-secure.goodmood.net Video. Data Security Summary - July to December 2007. Watch isc.sans.org December black tuesday overview. Read more isc.sans.org How to stop javascript from websites infecting clients. Read more sunbeltblog.blogspot.com New Zlob site: abcdperformance. Read more sunbeltblog.blogspot.com New fake codec website -- Windows and Mac -- codec... Read more sunbeltblog.blogspot.com Sunbelt Sandbox fun. Read more sunbeltblog.blogspot.com Good customer service. Read sunbeltblog.blogspot.com New fake codec trojan variant -- Windows and Mac -- codechard. Read more sunbeltblog.blogspot.com AFF porn spam continues unabated despite FTC settlement. Read more sunbeltblog.blogspot.com Adult Friend Finder settles. Read more sunbeltblog.blogspot.com Some additional commentary about the Antimalware T... Read more sunbeltblog.blogspot.com New rogue antispyware variants. Read more www.disog.org Sandboxing and CSA Advisory. Read more www.disog.org QuickTime and RealPlayer Exploits. Read more blogs.securiteam.com Fuzzing is not just buffer overflows. Read more lauren.vortex.com Toward Pervasive Internet Encryption: Unshackling the Self-Signed Certificate. Read more lauren.vortex.com http: Must Die! (and The Encryption Solution). Read more ha.ckers.org Exaggerating Timing Attack Results Via GET Flooding. Read more www.darkreading.com AV Gets a Facelift. Read more www.darkreading.com Real Data in App Testing Poses Real Risks. Read more www.schneier.com Security in Ten Years. Read more ddanchev.blogspot.com Update on the MySpace Phishing Campaign. Read more ddanchev.blogspot.com Inside the Chinese Underground Economy. Read more ddanchev.blogspot.com Phishers, Spammers, and Malware Authors Clearly Co... Read more ddanchev.blogspot.com The Shark Malware - New Version's Coming. Read more www.eweek.com Browser Insecurity Wars Still Rage. Read more www.eweek.com Your PC Is Vulnerable Without Browser Protection. Read more www.eweek.com How Not to Engender Confidence in Your Customers. Read more www.computerworld.com How dangerous user behavior puts networks at risk. Read more www.computerworld.com The 2007 Security Hall of Shame. Read more aolradio.podcast.aol.com Audio. Security Now 121: Is Privacy Dead? Listen www.cs.ucsb.edu The 2007 UCSB International Capture The Flag. Read more   Vulnerabilities & Exploits securitytracker.com Microsoft Internet Explorer Object Access Bugs Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft Message Queuing (MSMQ) Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Windows Vista Kernel ALPC Validation Flaw Lets Local Users Gain Elevated Privileges. Read more securitytracker.com Windows Media Format Runtime ASF File Parsing Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Microsoft DirectX Bugs in Parsing SAMI, WAV, and AVI Files Let Remote Users Execute Arbitrary Code. Read more securitytracker.com Windows Vista Server Message Block v2 Signature Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com WordPress Input Validation Flaw in Search Function Lets Remote Users Inject SQL Commands. Read more securitytracker.com IBM AIX Has Multiple Security Bugs With Unspecified Impact. Read more securitytracker.com Websense Input Validation Hole in 'username' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com Samba Buffer Overflow in nmbd send_mailslot() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Windows Media Player Stack Overflow in 3ivx Codec Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Skype Memory Corruption Error in 'skype4com' URI Handler Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com QuickTime Unspecified Flaw Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com Novell NetMail Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more securitytracker.com IBM Hardware Management Console HMC Commands Let Users Gain Elevated Privileges. Read more securitytracker.com MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information. Read more securitytracker.com Cisco 7940 IP Phone Can Be Crashed By Remote Users Sending a Sequence of SIP INVITE Requests. Read more securitytracker.com teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files. Read more Heimdal Kerberos Uninitialized Variable in ftpd Application Has Unspecified Impact. Read more     News www.securityfocus.com Microsoft patches DirectX, Internet Explorer. Read more www.securityfocus.com National labs hit with targeted attacks. Read more www.securityfocus.com Secunia faces legal threat over flaw advisory. Read more www.theregister.co.uk Media player users beware: more vulns ahead. Read more www.theregister.co.uk Hey, HP laptop owners: click here to get hijacked. Read more www.theregister.co.uk Windows Service Pack refuseniks offered temporary respite. Read more www.smh.com.au Microsoft axes Vista 'kill switch' feature. Read more www.itpro.co.uk Ask.com adds eraser to protect privacy. Read more www.networkworld.com Attackers poised to exploit Olympics, presidential elections in 2008. Read more www.securitypronews.com Rogers Internet Injects Itself Into Google. Read more www.australianit.news.com.au Police WiFi sting brings arrest. Read more www.news.com Warning sounded over 'flirting robots'. Read more

05 December 2007 Guides, Papers, etc honeyblog.org Technical Report: Studying Malicious Websites and the Underground Economy on the Chinese Web. Read more honeyblog.org Technical Report: Characterizing the IRC-based Botnet Phenomenon. Read more www.channelregister.co.uk Tracking down the Ron Paul spam botnet. Read more isc.sans.org Estonian Defense Minister Comments. Read more blogs.securiteam.com: The number of unpatched QuickTime flaws is: two. Read more blog.wired.com Blind Hacker Says He's No Friend of Convicted SWATters. Read more sunbeltblog.blogspot.com State of South Carolina lovin' porn. Read more sunbeltblog.blogspot.com New fake codec trojan variant -- Windows and Mac -- codecmega. Read more www.f-secure.com Worm-Like Anti-Theft. Read more ddanchev.blogspot.com Censoring Web 2.0 - The Access Denied Map. Read more www.darkreading.com New DNS Technology Flags Bad Guys Before They Act. Read more www.darkreading.com Study Reveals Overlooked Sources of Leaks. Read more www.darkreading.com Microsoft's Wireless Keyboard Hacked. Read more www.theregister.co.uk Win 2000 anti-virus products fail independent tests. Read more isc.sans.org From the mailbag, December 3rd edition. Read more www.ispreview.co.uk Microsoft - IE Browser More Secure Than Firefox. Read more holisticinfosec.org Malcode Analysis Techniques for Incident Handlers. Read more holisticinfosec.org Mandiant Red Curtain: Malware identification for incident responders. Read more   Vulnerabilities & Exploits securitytracker.com Microsoft Web Proxy Auto-Discovery Name Server Resolution Bug Lets Remote Users Conduct Man-in-the-Middle Attacks. Read more securitytracker.com Squid Cache Update Reply Processing Bug Lets Remote Users Deny Service. Read more securitytracker.com Beehive Forum Input Validation Flaw in 't_dedupe' Lets Remote Users Inject SQL Commands. Read more securitytracker.com Solaris Linux Branded Zone Bug in brand_sys_int80() Function Lets Local Users Deny Service. Read more   News press-releases.techwhack.com F-Secure reports amount of malware grew by 100% during 2007. Read more news.zdnet.co.uk: Governments prepare for 'cyber cold war'. Read more www.vnunet.com Spammers shift to spreading malware. Read more www.channelregister.co.uk: Grisoft acquires LinkScanner. Read more www.hardwarezone.com Three Year Old Worm Accounts For Almost A Quarter Of Email Malware. Read more

03 December 2007 Guides, Papers, etc www.win.tue.nl Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5. Read more computerworld.co.nz: DNS hacked again with poisoning attack. Read more www.itwire.com: Online banking, transactions and security � how safe are we really? Read more www.win.tue.nl: Predicting the winner of the 2008 US Presidential Elections using a Sony PlayStation 3. Read more www.f-secure.com: Merry Christmas and so on. Read more isc.sans.org: Active exploit site for Quicktime RTSP Response vulnerability. Read more www.cisrt.org Exploit for Quicktime Vulnerability. Read more blog.trendmicro.com Xunlei X-ploit X-amined. Read more www.darkreading.com AV Vendor Adopts 'Herd' Intelligence. Read more blogs.securiteam.com: Tools, tools, tools. Read more www.pcadvisor.co.uk 30 quick fixes for Windows XP & Vista. Read more   News www.nzherald.co.nz: Teen hacker has mild autism. Read more www.computerworld.com: Hackers expoit Apple Quicktime vulnerability. Read more www.responsesource.com: New report reveals 20 billion spam emails are targeted at UK computer users every day. Read more www.darkreading.com Insecure Software Costs US $180B per Year. Read more news.softpedia.com: Google And Microsoft Focused On Users' Security, Yahoo Ignores The Infections. Read more news.softpedia.com: Hackers Broke Into The Rolls-Royce Network. Read more blogs.iss.net: Phishers test the water with shorter hooks. Read more www.itnews.com.au Malware bandits go looking for goals on ESPN's Soccernet.com. Read more www.computerworld.com: Microsoft Takes Steps to Prevent WGA Potholes. Read more www.northjersey.com: Identity theft makes couple helpless. Read more

01 December 2007 Guides, Papers, etc ddanchev.blogspot.com: Malware Serving Online Casinos. Read more ddanchev.blogspot.com: 66.1 Host Locked. Read more www.darkreading.com: AV Vendor Adopts 'Herd' Intelligence. Read more isc.sans.org: Facebook, pr0n and privacy. Read more isc.sans.org: Bot Roast II. Read more www.f-secure.com: Holiday Roast. Read more sunbeltblog.blogspot.com USAID site hacked, serving porn. Read more sunbeltblog.blogspot.com Dwindling Spiral: The increasingly degraded practices of Adult Friend Finder. Read more sunbeltblog.blogspot.com Four new rogue antispyware programs. Read more sunbeltblog.blogspot.com Another reason why Firefox really is safer than IE. Read more sunbeltblog.blogspot.com Porn back on ca.gov site? Oh, this is not good. Read more sunbeltblog.blogspot.com new fake codec: vplprocedure. Read more sunbeltblog.blogspot.com HEADS UP: More Google poisoning on the way? Read more blog.trendmicro.com Consented Blackmail. Read more msmvps.com Performanceoptimizer malware hits www.defsounds.com. Read more www.joelesler.net Now, that's a nice User-Agent. Read more isc.sans.org: Firefox 2.0.0.11. Read more eprint.iacr.org: Cryptanalysis of the Random Number Generator of the Windows Operating System. Read more www.darkreading.com: Making $1M a Month. Read more www.darkreading.com: Wachovia Automates Security Policies. Read more www.darkreading.com: When Projects Cause Security Failures. Read more www.cio.com: E-Mail Analysis Snooping in Your In-Box. Read more techdirt.com: News Publishers Want To Change Robots.txt; Want To Make Sure Their Content Is Less Useful. Read more www.news.com: Report: Hackers say they can steal 'Second Life' currency. Read more www.technewsworld.com: Cyber Spying Set to Explode. Read more www.betanews.com: Microsoft: Firefox users in danger due to more frequent updates. Read more blogs.technet.com Internet Explorer and Firefox Vulnerability Analysis. Read more www.pcadvisor.co.uk: Why old Wi-Fi security is vulnerable to attack. Read more www.wired.com: Online Games Use Fraud Software to Combat Cheats. Read more www.podtrac.com: Audio. Security Now 120: Your Questions, Steve's Answers 29. Listen cpe.njit.edu: Video Lectures Data Mining. Read more cpe.njit.edu: Operating Systems Video Lectures. Read more   Vulnerabilities & Exploits securitytracker.com: OpenSSL FIPS Object Module Self-Test Error Causes the System to Generate More Predictable Pseudo Random Data. Read more securitytracker.com: securitytracker.com: Cairo Integer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: IBM Tivoli Netcool Security Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Solaris Fibre Channel Protocol Driver Flaw Lets Local Users Deny Service. Read more securitytracker.com: Pioneers Bugs Let Remote Users Deny Service. Read more securitytracker.com: FreeBSD Kernel May Disclose Previously Read Pseudo Random Data to Local Users. Read more securitytracker.com: TIBCO Rendezvous RV Daemon Memory Bug Lets Remote Users Deny Service. Read more securitytracker.com: Asterisk Input Validation Flaw in res_config_pgsql Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Asterisk Input Validation Flaw in cdr_pgsql Lets Remote Users Inject SQL Commands. Read more securitytracker.com: APC Switched Rack Power Distribution Units Grant Access to Remote Users. Read more securitytracker.com: Red Hat Content Accelerator Kernel Patch open(O_ATOMICLOOKUP) Function Lets Local Users Deny Service. Read more securitytracker.com: HP OpenView Network Node Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more securitytracker.com: @Mail Input Validation Hole in 'util.php' Permits Cross-Site Scripting Attacks. Read more securitytracker.com: Solaris RPC Race Condition Lets Local Users Deny Service. Read more securitytracker.com: ht://Dig Input Validation Hole in 'sort' Parameter Permits Cross-Site Scripting Attacks. Read more securitytracker.com: IBM Lotus Notes for Linux Has Unsafe Folder Permissions Let Local Users Gain Root Privileges. Read more securitytracker.com: scanbuttond Symlink Bug Lets Local Users Gain Root Privileges. Read more   Tools: www.xirrus.com: Xirrus Wi-Fi Monitor Gadget for Windows Vista. Read more   News www.securityfocus.com: FBI nets eight suspected bot masters. Read more www.guardian.co.uk: Teenager arrested over '�9.7m computer hacking ring'. Read more www.theregister.co.uk: NZ police cuff teenage botnet mastermind suspect. Read more www.securityfocus.com: TJX wins one battle, offers banks $41 million. Read more www.theregister.co.uk: California gov site invaded by smut and malware again. Read more www.computerworld.com: Dell sues cybersquatters. Read more www.computerworld.com.au: Technology identifies invisible intruders on wireless LANs. Read more blogs.guardian.co.uk: YouTube suspends Egyptian blog activist's account. Read more www.securityfocus.com: Random number bug blights FreeBSD. Read more www.news.com: Study: 'Huge jump' in Microsoft flaws since last year. Read more www.securityfocus.com: Hackers re-poison Google search results. Read more www.computeractive.co.uk Cyber-cops bust online marriage scam. Read more www.wired.co: Prosecutors Score Big in Week 3 of Linux programmer Hans Reiser Murder Trial. Read more

Copyright� MegaSecurity.org