Last updated:
Fri Nov 20 20:12:18 2009 GMT
  2008 FIRST Annual Conference in Japan - Register now


Recent bugs
via SecurityFocus,
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
KDE KDELibs 'dtoa()' Remote Code Execution Vulnerability
HP OpenView Network Node Manager 'ovdbrun.exe' Denial of Service Vulnerability
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
RhinoSoft Serv-U Remote Denial of Service Vulnerabilities
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
Drupal Temporary Invitation Module 'Name' Field HTML Injection Vulnerability
Drupal Node Hierarchy Module Node Title HTML Injection Vulnerability
GIMP BMP Image Parsing Integer Overflow Vulnerability
WebKit Multiple Remote Code Execution, Denial of Service, and Information Disclosure Vulnerabilities
Recent advisories
via Secunia, US-CERT,
TA09-314A: Microsoft Updates for Multiple Vulnerabilities
TA09-294A: Oracle Updates for Multiple Vulnerabilities
TA09-286B: Adobe Reader and Acrobat Vulnerabilities
TA09-286A: Microsoft Updates for Multiple Vulnerabilities
TA09-251A: Microsoft Updates for Multiple Vulnerabilities
TA09-223A: Microsoft Updates for Multiple Vulnerabilities
TA09-218A: Apple Updates for Multiple Vulnerabilities
TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities
TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products
TA09-195A: Microsoft Updates for Multiple Vulnerabilities
TA09-187A: Microsoft Video ActiveX Control Vulnerability
TA09-160A: Microsoft Updates for Multiple Vulnerabilities
TA09-161A: Adobe Acrobat and Reader Vulnerabilities
TA09-133A: Apple Updates for Multiple Vulnerabilities
TA09-133B: Adobe Reader and Acrobat JavaScript Vulnerabilities
TA09-132A: Microsoft PowerPoint Multiple Vulnerabilities
TA09-105A: Oracle Updates for Multiple Vulnerabilities
TA09-104A: Microsoft Updates for Multiple Vulnerabilities
TA09-088A: Conficker Worm Targets Microsoft Windows Systems
TA09-069A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
Firefox 3.5.3 Remote Array Overrun (UPDATE)
PHP "multipart/form-data" denial of service
AssetsSoSimple supplier_admin.php Supplier Field XSS
Auto Manager admin.cgi Multiple Field XSS
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
[USN-860-1] Apache vulnerabilities
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309)
MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
MS09-063 - Critical: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
Stock Watch
via Yahoo! Finance
Updated 3/1/2008
TMICY.PK 34.25 +0.10
TMWD 1.28 -0.02
NASDAQ 2271.48 -60.09
AMD 7.21 +0.19
BCSI 23.48 -0.50
CA 22.88 -0.24
CIC.TO 1.48 -0.09
CKP 24.20 -0.48
CSCO 24.39 -0.27
CWDW.OB 0.0034 -0.0006
FIRE 6.00 -0.34
IBM 113.86 -1.38
INTC 19.9699 -0.5201
INTZ.OB 0.15 +0.01
JNPR 26.82 -1.77
MFE 33.27 -0.98
MSFT 27.1999 -0.7301
PKTR 4.47 -0.12
SCLD 0.89 +0.0201
SNWL 8.33 -0.18
SYMC 16.84 -0.45
VRSN 34.80 -1.20
WBSN 19.47 -0.02

 

Recent News

Adobe Attacks are Opportunity Driven
About Antivirus Software

In Can Adobe Beat Back the Hackers, BusinessWeek claims "as Microsoft has toughened up its security, Adobe has become a more tempt

Health Net Loses 1.5 Million Medical Records
InternetNews.com Security News
Another external hard drive goes missing, exposing the medical records and Social Security numbers of thousands of patients.

Cisco Debuts 24/7 Security iPhone App
InternetNews.com Security News
The networking giant could have just ruined the lunch hours of security officers everywhere with new iPhone app.

Past Year's Malware Could Shape 2010's Threats
InternetNews.com Security News
Ever heard of Induc, Sninsfs or OSX.iservice? These new types of attacks emerged in 2009 and could become more prevalent in the year ahead.

Potty-mouths charged for Comcast hijack
The Register - Security

Destination '69 dick tard lane'

The potty-mouthed hackers who hijacked Comcast's domain name for several hours last year were charged with intentionally damaging a protected computer system.


EU security agency highlights cloud computing risks
Network World on Security
Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the Europea

Banks on watch after suspected card breach
Network World on Security
An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.

Cyberattacks on U.S. military jump sharply in 2009
Network World on Security
Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Mandriva Linux Security Update Advisory - glpi (MDVA-2009:214)
Help Net Security - Advisories
_______________________________________________________________________ Mandriva Linux Advisory MDVA-2009:214 http://www.mandriva.com/security/ _________________...

A Linux Security Primer
LinuxSecurity.com - Latest News
LinuxSecurity.com: Linux aficionados and computer security experts -- not to mention many IT writers -- are known to use a couple of terms with, well, not-easily-discernable definitions when they talk about Linux security. Problem is, you need to k

Using a Cisco Router as a "Remote Collector" for tcpdump or Wireshark
LinuxSecurity.com - Latest News
LinuxSecurity.com: Have you ever thought about your routers. I mean - *really* thought about them? They think all day long, processing all of the packets in and out of your company's WAN or internet connection, and hardly ever complain. But can

PHP 5.3.1 Security Updates
LinuxSecurity.com - Latest News
LinuxSecurity.com: Nearly five months after the release of PHP 5.3.0, the PHP developers have released the first maintenance update to the 5.3 branch of their popular programming language. The PHP 5.3.1 update focuses on stability and includes appr

Google Chrome OS goes open source in Chromium OS
LinuxSecurity.com - Latest News
LinuxSecurity.com: Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project. The code is available now at: http://www.chromium.org/chromium-os/building-chromium-os - I'm currently in t

VUPEN - KDE kdelibs Floating Point Numbers Memory Corruption Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in KDE kdelibs, which could be exploited by attackers to compromise a vulnerable system...

VUPEN - K-Meleon Floating Point Numbers Memory Corruption Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in K-Meleon, which could be exploited by attackers to compromise a vulnerable system...

VUPEN - PEAR Mail "form" Parameter Sendmail Argument Injection Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in PEAR Mail, which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information...

SuSE 11.0 Security Update: qemu (2009-11-12)
Nessus.org Plugins
Synopsis :

The remote SuSE system is missing a security patch for qemu

Description :

The VNC server of qemu was vulnerable to use-after-free
bugs, that allowed the execution of code on the host system
ini

SuSE 11.1 Security Update: qemu (2009-11-12)
Nessus.org Plugins
Synopsis :

The remote SuSE system is missing a security patch for qemu

Description :

The VNC server of qemu was vulnerable to use-after-free
bugs, that allowed the execution of code on the host system
ini

Microsoft denies building security 'backdoor' in Windows 7
Techworld.com Security News
Privacy organisations shouldn't read too much into NSA involvement it says

Microsoft has denied building a backdoor into Windows 7, responding to concerns from privacy organisations after it was revealed that the Nationa

How to avoid joining a botnet
Techworld.com Security News
3 easy steps to web security

Banging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need remindi

Hackers Comcast.net aangeklaagd
Security.NL nieuws
De drie hackers die er vorig jaar in slaagden de DNS van internetprovider Comcast te kapen, zijn door de Amerikaanse overheid aangeklaagd.

Palin noemt hackeraanval dieptepunt van campagne
Security.NL nieuws
Het kraken van Sarah Palin's persoonlijke e-mailadres was voor de Republikeinse kandidaat-vice-president het dieptepunt in haar campagne, zo laat ze in haar boek 'Going Rogue: An American Life' weten.

Nieuwe worm bouwt eerste iPhone botnet
Security.NL nieuws
Na verschillende onschuldige iPhone wormen, is er nu een zeer gevaarlijke variant gesignaleerd die het eerste iPhone botnet aan het bouwen is, zo laat XS4ALL aan Security.nl weten.

Wrecking CRU: hackers cause massive climate data breach
The Register - Security

Secretive scientists' source code goes walkabout

The University of East Anglia has confirmed that a data breach has put a large quantity of emails and other documents from staff at its Climate Research Unit online. CRU is one of the three lead

QinetiQ mail virus patent attracts barbs
The Register - Security: Anti-Virus

Looks a bit familiar

An anti-virus expert has poured cold water on a patent from British technology firm QinetiQ that supposedly offers a new technique for tackling malicious email attachments.

Three Charged in Comcast Cyber-Attack
Security - RSS Feeds
Three men were charged by federal indictment Nov. 19 in connection with attacking Comcast.net and redirecting traffic to sites under their control. The group altered Comcast's DNS records and is estimated to have cost the company more than $128,000.

10 Lessons Google Must Learn About OS Security
LinuxSecurity.com - Latest News
LinuxSecurity.com: News Analysis: Google is new to the operating system market, so it has to demonstrate that it understands how to build and maintain a secure Web OS. The history of Windows security has shown there are many avenues of attack again

Arrested: Suspected Zeus Trojan distributors
silicon.com :
None

VUPEN - PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
VUPEN Security Advisories
Multiple vulnerabilities have been identified in PHP, which could be exploited by attackers to cause a denial of service or bypass security restrictions...

VUPEN - Cisco VPN Client "cvpnd.exe" Local Denial of Service Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Cisco VPN Client, which could be exploited by local attackers to cause a denial of service...

VUPEN - Opera Floating Point Number Handling Memory Corruption Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Opera, which could be exploited by attackers to compromise a vulnerable system...

Wpad.cn gevaarlijkste domeinnaam in China
Security.NL nieuws
Een Chinese domeinnaam die voor 1200 euro wordt aangeboden, zou aanvallers informatie over miljoenen Chinezen geven en helpen bij het uitvoeren van phishingaanvallen en andere soorten fraude.

IE8-lek maakt veilige websites onveilig
Security.NL nieuws
Een beveiligingsmaatregel in Internet Explorer 8 bevat een lek, waardoor websites die in principe veilig zijn, kunnen worden aangevallen.

Microsoft: Chrome OS features zijn niet alles
Security.NL nieuws
Microsoft verschilt van mening met Google over hoe je een veilig besturingssysteem ontwikkelt, volgens de softwaregigant gaat het namelijk niet om de features, maar om de toegepaste processen.

Security.nl Pencak Silat team knokt in Vietnam
Security.NL nieuws
Sinds 2006 sponsort Security.nl n van de beste Pencak Silat teams van Nederland en Europa en de heren en dame van Team Bongkot zijn op dit moment in Vietnam aan het knokken.

Cisco lanceert iPhone security app
Security.NL nieuws
Cisco biedt een gratis iPhone app aan die gebruikers allerlei beveiligingsinformatie geeft, zoals waarschuwingen, IPS signatures, security bulletins, uitbraken en links naar security blogs, persberichten, Twitter en Podcasts.

MS discovers flaw in Google plug-in for IE
The Register - Security

Google whacked

Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users.


Security Pro Says New SSL Attack Can Hit Many Sites (PC World)
Yahoo! News: Security News
PC World - A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very pow

Microsoft Uncovers Vulnerability in Google Chrome Plug-in for IE
Security - RSS Feeds
Microsoft uncovered a vulnerability in a controversial Google plug-in for Internet Explorer that could be exploited to bypass cross-origin protections. Google patched the issue this week in an update.
- Microsoft researchers uncovered a flaw in t

VUPEN - SuSE Security Update Fixes Java Code Execution Vulnerabilities
VUPEN Security Advisories
Multiple vulnerabilities have been identified in SuSE, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system...

VUPEN - HP Color LaserJet Remote Unauthorized Access and DoS Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in HP Color LaserJet, which could be exploited by attackers to cause a denial of service or gain knowledge of sensitive information...

VUPEN - Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Linux Kernel, which could be exploited by local attackers to cause a denial of service or gain elevated privileges...

How To Remember What You Forgot: Your Internal Google Comes To Rescue
The Best Article Every day
How to remember what you forgot? Is there a way to instruct your brain to remember those things that are buried under hundreds of layers of memories? Yes there is, and you have it since you were born. How_to_remember_what_you
        <br>

        </span> </p>

      <p><a href=Microsoft ontkent backdoor in Windows 7
Security.NL nieuws
De NSA liet tijdens een hoorzitting voor de Amerikaanse senaat weten dat het had meegeholpen aan Windows 7, maar volgens Microsoft zijn er geen achterdeurtjes aangebracht.

Google: Chrome OS veiliger dan Windows
Security.NL nieuws
Google heeft het eigen besturingssysteem Chromium aan de wereld gepresenteerd, dat volgens de zoekgigant veiliger dan traditionele besturingssystemen zal zijn.

Older News

Zorgverzekeraar verliest 1,5 miljoen patintendossiers
Security.NL nieuws

Tiener krijgt jaar celstraf wegens DDoS-aanval
Security.NL nieuws

Health Net says 1.5M medical records lost in data breach
None

Cyberattacks on U.S. military jump sharply in 2009
Network World on Security

Microsoft denies it built 'backdoor' in Windows 7
Network World on Security

More vigilance needed as social networking rises: F-Secure
Network World on Security

Most security products flunk test on basic use: ICSA Labs
Network World on Security

Track your stolen laptop for free with Prey
Network World on Security

Businesses slow to adapt to changing security environment
Network World on Security

Security pro says new SSL attack can hit many sites
Network World on Security

Three indicted for Comcast hack last year
Network World on Security

Cisco's free iPhone app grabs security feeds
Network World on Security

Fake Payment Request Attack Ramps Up
None

Symantec's 'Unlucky 13' Security Trends for 2010
InternetNews.com Security News

Cisco launches iPhone security app
CNET News.com - Security

Fortified rice, fuel cells among Tech Award winners
CNET News.com - Security

Town to photograph every car that enters and leaves
CNET News.com - Security

Learn: Windows 7 Multi-Touch Overview
MSDN: Security

Get the SQL Server 2008 R2 November CTP
MSDN: Security

House Panel Moves Closer to Privacy Bill
InternetNews.com Security News

IE8 bug makes 'safe' sites unsafe
The Register - Security

PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related., (Fri, Nov 20th)
SANS Internet Storm Center, InfoCON: green

SUSE Security Announcement - java-1_6_0-sun (SUSE-SA:2009:058)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - kino (MDVA-2009:210)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - pango (MDVA-2009:211)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - SDL_image (MDVA-2009:212)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - perl-URPM (MDVA-2009:213)
Help Net Security - Advisories

An introduction to the FBI's anti-cyber crime network
Hack In The Box

Police arrest pair over global banking web scam
Techworld.com Security News

Pentagon expands exclusive deal with McAfee
Techworld.com Security News

10 Lessons Google Must Learn About OS Security
Security - RSS Feeds

Up Close and Technical look at SocialPet
Security - RSS Feeds

Google Chrome OS Security Model Breaks the Traditional Mold
Security - RSS Feeds

Announcement: SecureWorks' Counter Threat Unit(sm) Researcher Ben Feinstein Presents Emerging Cyber Threats at MasterCard's Global Risk Management Conference in Europe
SecureWorks Info Feed

News: With Botnets Everywhere, DDoS Attacks Get Cheaper (CIO Magazine)
SecureWorks Info Feed

Announcement: SecureWorks Counter Threat Unit Researcher Joe Stewart to Keynote the Anti-Phishing Working Group Summit
SecureWorks Info Feed

News: DIY: Defending Against A DDoS Attack (Dark Reading)
SecureWorks Info Feed

Threat Analysis: The Underground Economy of the Pay-Per-Install (PPI) Business
SecureWorks Info Feed

Announcement: UK-Based Nebulas Solutions Launches Managed Security Services from SecureWorks Giving Customers a Local Service with Global Reach
SecureWorks Info Feed

News: Is Your Online Bank Account Safe? (Forbes)
SecureWorks Info Feed

Threat Analysis: Static Binary Analysis of Recent SMBv2 Vulnerability
SecureWorks Info Feed

Announcement: SecureWorks Ranked Number 270th Fastest Growing Company in North America on Deloittes 2009 Technology Fast 500(tm): Attributes its 492 Percent Revenue Growth to Award-Winning Security Services and Excellent Client Service
SecureWorks Info Feed

News: New Trojan Kills The Zeus Trojan (Dark Reading)
SecureWorks Info Feed


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2005 jose nazario, all rights reserved. this page is available as RSS 2.0.