Last updated: Sat Nov 7 20:12:16 2009 GMT


Recent bugs
via SecurityFocus
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
PDFLib 'open_basedir' Restriction Bypass Vulnerability
Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
Citrix NetScaler and Access Gateway Denial Of Service Vulnerability
Linux Kernel Subsystem Connector Missing Capability Check Security Bypass Vulnerabilities
Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
Blender '.blend' file Remote Command Execution Vulnerability
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
Recent advisories
via Secunia, US-CERT
TA09-294A: Oracle Updates for Multiple Vulnerabilities
TA09-286B: Adobe Reader and Acrobat Vulnerabilities
TA09-286A: Microsoft Updates for Multiple Vulnerabilities
TA09-251A: Microsoft Updates for Multiple Vulnerabilities
TA09-223A: Microsoft Updates for Multiple Vulnerabilities
TA09-218A: Apple Updates for Multiple Vulnerabilities
TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities
TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products
TA09-195A: Microsoft Updates for Multiple Vulnerabilities
TA09-187A: Microsoft Video ActiveX Control Vulnerability
TA09-160A: Microsoft Updates for Multiple Vulnerabilities
TA09-161A: Adobe Acrobat and Reader Vulnerabilities
TA09-133A: Apple Updates for Multiple Vulnerabilities
TA09-133B: Adobe Reader and Acrobat JavaScript Vulnerabilities
TA09-132A: Microsoft PowerPoint Multiple Vulnerabilities
TA09-105A: Oracle Updates for Multiple Vulnerabilities
TA09-104A: Microsoft Updates for Multiple Vulnerabilities
TA09-088A: Conficker Worm Targets Microsoft Windows Systems
TA09-069A: Microsoft Updates for Multiple Vulnerabilities
TA09-051A: Adobe Acrobat and Reader Vulnerability
Bugtraq Topics
via SecurityFocus
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
[ MDVSA-2009:294 ] firefox
Php 5.3.0 pdflib extension open_basedir bypass
[ GLSA 200911-01 ] Horde: Multiple vulnerabilities
CORE-2009-0912: Blender .blend Project Arbitrary Command Execution
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
[USN-854-1] GD library vulnerabilities
[USN-855-1] libhtml-parser-perl vulnerability
Re: /proc filesystem allows bypassing directory permissions on
CONFidence 2.0 schedule online - last time to register
Top Worms and Viruses
via Sophos
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft
MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-057 - Important: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-056 - Important: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-055 - Critical: Cumulative Security Update of ActiveX Kill Bits (973525)
MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455)
MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Stock Watch
via Yahoo! Finance
Updated 3/1/2008
TMICY.PK 34.25 +0.10
TMWD 1.28 -0.02
NASDAQ 2271.48 -60.09
AMD 7.21 +0.19
BCSI 23.48 -0.50
CA 22.88 -0.24
CIC.TO 1.48 -0.09
CKP 24.20 -0.48
CSCO 24.39 -0.27
CWDW.OB 0.0034 -0.0006
FIRE 6.00 -0.34
IBM 113.86 -1.38
INTC 19.9699 -0.5201
INTZ.OB 0.15 +0.01
JNPR 26.82 -1.77
MFE 33.27 -0.98
MSFT 27.1999 -0.7301
PKTR 4.47 -0.12
SCLD 0.89 +0.0201
SNWL 8.33 -0.18
SYMC 16.84 -0.45
VRSN 34.80 -1.20
WBSN 19.47 -0.02

 

Recent News

Debian Security Advisory - New drupal6 packages fix several vulnerabilities (DSA 1930-1)
Help Net Security - Advisories
Debian Security Advisory DSA-1930-1 security@debian.org http://www.debian.org/security/ ...

Does Wine Make Linux Too Loose?
LinuxSecurity.com - Latest News
LinuxSecurity.com: For those Wine aficionados out there, beware of the remote possibility that your Linux system could be infected by Windows-seeking malware. "WINE running a Windows virus is nothing more than a 'stupid Linux trick' ... for now," s

DSA-1930 drupal6
Debian Security
several vulnerabilities

VMware ACE, Player, Workstation: buffer overflow of VMnc
Vigil@nce - public vulnerabilities
An attacker can invite the victim to see a malicious video, in order to execute code on VMware ACE, Player or Workstation.

Evolution, yTNEF: vulnerabilities
Vigil@nce - public vulnerabilities
Several vulnerabilities of yTNEF and of the Evolution TNEF plugin can be used by an attacker to create a file or to execute code on victim's computer.

Fake security tools still big threat, worms on rise
Network World on Security
The No. 1 offender to Canadians' PCs in the first half of 2009 was Win32/ZangoSearchAssistant, adware that victims probably don't even know hit them, according to a recent security report from Microsoft Corp.

Switchers Guide: Understanding Mac security
Network World on Security
When it comes to security, using Windows can feel like living in the heart of a big city--the kind of place where you can install all the locks and alarms you want, but you still worry. The vast number of computer users who run Microsoft operating systems

Video: A new workout for the Wii
CNET News.com - Security
Ubisoft's upcoming fitness game, YourShape, promises an experience a step up from Wii Fit. In the process, can it help revitalize the Nintendo console?

Google Chrome < 3.0.195.32 Multiple Vulnerabilities
Nessus.org Plugins
Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 3.0.195.32. Such ve

DSA-1928 linux-2.6.24
Debian Security
privilege escalation/denial of service/sensitive memory leak

DSA-1929 linux-2.6
Debian Security
privilege escalation/denial of service/sensitive memory leak

Vint Cerf: 'Google doesn't know who you are'
The Register - Security

Identifiers don't identify

Interwebs founding father and Google evangelist Vint Cerf has insisted that when you search Google, the compan

Government Must Attract More Cyber-Security Talent
Hack In The Box
As if running a government cyber-security program wasn't already challenging, a recently released report by Booz Allen Hamilton and the Partnership for Public Service titled Cyber In-Security reminds us that one of the critical, nontechnical problems lurk

Australian internet provider BigPond is latest Twitter hack victim
Hack In The Box
Australian internet provider BigPond has become the latest internet company to be targeted by hackers on Twitter, after one of its accounts was hijacked as part of a phishing scam. The company, a subsidiary of Sydney-based telecommunications giant Telstr

Switchers Guide: Understanding Mac Security
Hack In The Box
When it comes to security, using Windows can feel like living in the heart of a big city--the kind of place where you can install all the locks and alarms you want, but you still worry. The vast number of computer users who run Microsoft operating systems

Private Investigators Capture Major Modern Warfare 2 Pirate
Hack In The Box
Modern Warfare 2 has been leaked onto the Internet, prompting Microsoft to announce that they will actively pursue any Xbox 360 piracy. In the meantime though, it appears that the original perpetrator has been arrested. Venturebeat is reporting that Chri

Apple Building iPhone Prototypes with RFID?
Hack In The Box
A site focused on Near Field Communications has reported that Apple has built new iPhone prototypes with hardware support for sensing RFID chips. RFID (Radio-Frequency IDentification) is a technology that allows a device to sense embedded chips in nearb

Think you've won a MacBook Air? Beware email malware attack
Hack In The Box
Apple's super-skinny MacBook Air is one of the most desirable laptops on the planet - which means it's not too surprising if criminals try and take advantage of its allure to infect unsuspecting computer users. And that's exactly what hackers are doing t

Let's Give the iPhone Hackers a Big Round of Applause
Hack In The Box
I'm the kind of guy who rarely bothers to hack my devices. By "hack," I mean use the hacks and instructions of those who are much more intrepid than I. Tinkering with a device that I shelled out hundreds of dollars for, if not more, isn't something I take

Hacker attacks Costa Rican president's website
Hack In The Box
A hacker attacked the Costa Rican president's official website, slightly altering the site's content and forcing officials to take it down, the office of the president said. The hacker launched the attack around 9.30 a.m. Wednesday, taking advantage of a w

Have play.com been sending customers details to everyone?
Hack In The Box
It seems that something has gone horribly wrong at the HQ of play.com over the past few hours, if the word of BW reader Wout is anything to go by. He's been having problems getting to speak to any of their customer service reps and reports that the line c

Dell Unleashes World's Thinnest Notebook
Hack In The Box
Dell on Thursday finally announced its highly-anticipated Adamo XPS notebook, which is currently the world's thinnest laptop. Measuring just 9.99mm in thickness, Dell Adamo XPS packs in 4GB of memory and relatively powerful fully-fledged dual-core micropro

Signature of Antimatter Detected in Lightning
Hack In The Box
Designed to scan the heavens thousands to billions of light-years beyond the solar system, the Fermi Gamma-ray Space Telescope has now recorded some more down-to-Earth signals. During its first 14 months of operation, the flying observatory has detected 1

Dashboard shows what Google knows about you
Hack In The Box
Ever wonder exactly what Google knows about you? Google today took a step to help answer that question with the unveiling of Google Dashboard, which is designed to let users see and control the extensive amount of data that Google has stored in its serve

Twitter Investigating Elevated Errors
Hack In The Box
This is potentially minor as none of us at Team Mashable have spotted any, but Twitter reports looking into the source of elevated errors on the site currently. There appear to be more folks retweeting the status post than actually reporting errors thems

Parallels Desktop 5: A Speedy And Useful Virtualization Software For Mac Users
Hack In The Box
The MAC OS installed with Apple Macintosh computers is a robust and Popular OS and it has enjoyed uninterrupted popularity among the Mac users since its inception. However, those who want to get a feel of Windows on their Macs often opt for virtualization

Space Debris Threatens Space Station
Hack In The Box
NASA alerts International Space Station crew of nearing Russian Cosmos space debris that might force astronauts to sleep in Soyuz module. NASA informed the crew of the ISS (International Space Station) that the spacecraft could be menaced Nov. 6 by a piec

IT hack creates his own iPhone app Stuck4Words
Hack In The Box
Journalists are habitually accused of over-hyping the iPhone, so legendary electronics hack, David Manners, has decided to go that one step further. He's created his own iPhone app (with a couple of mates) entitled Stuck4Words. Actually, David has manage

Expect big demand for open source software skills in 2010
Hack In The Box
Open source software appeals to many in IT for its low -- or nonexistent entry price -- and flexibility, and now that appeal is growing on hiring managers, according to IT talent experts, who report that companies will in 2010 seek candidates with high-te

IT Managers Still Believe Outsourcing Poses Security Risk
Hack In The Box
Outsourcing is a fact of life now in corporate business, so much so that a recent YouGov survey found that 89 percent of IT managers in large UK companies have outsourced at least one IT system. However, the same research commissioned by NCC Group, also

Fake security tools still big threat, worms on rise
Hack In The Box
The No. 1 offender to Canadians' PCs in the first half of 2009 was Win32/ZangoSearchAssistant, adware that victims probably don't even know hit them, according to a recent security report from Microsoft Corp. ZangoSearchAssistant tricks unsuspecting user

GFI Acquires Spam Blocklist SORBS
Internet Security News
Control of the Spam and Open Relay Blocking System (SORBS) has officially changed hands. Security specialist GFI confirmed its acquisition of SORBS late yesterday, and also shared an idea or two about what it will do with the entity.

Laptop Heist Exposes Doctors' Personal Data
InternetNews.com Security News
Another stolen laptop puts thousands of people's personal data at risk but this time it's the caregivers -- not the patients -- who are at risk.

Facebook, MySpace Talk Tough on App Scams
InternetNews.com Security News
Social networking leaders tighten policies about deceptive ads in third-party apps.

Kaspersky Lab releases antivirus app (Macworld.com)
Yahoo! News: Security News
Macworld.com - If you want make a Mac user mad, just sidle up and whisper the words, Mac security software. Then step back as the incensed sputtering ensues.

10 Essential Third Party Security Apps for Windows 7
Security - RSS Feeds
Now that users have their hands on Windows 7, it's time to secure it. They could always use solutions from Microsoft, like Security Essentials, but in many cases, third-party applications do a much better job of ensuring a system is kept secure. Third-pa

New version of OpenSSL released - OpenSSL 0.9.8l, (Fri, Nov 6th)
SANS Internet Storm Center, InfoCON: green
Due to the recent publishing of information regarding a TLS/SSL protocol vulnerability (previous ...

Is Net Neutrality a Communist Plot? "Declassified DoD Film"
RISKS Digest

'Robot' computer to mark English essays
RISKS Digest

Risks of Using Encryption
RISKS Digest

AMEX sends USB trojan keyboards in ads
RISKS Digest

Spam forged from .gov and .mil
RISKS Digest

Privacy of health care info & health insurers
RISKS Digest

Drivers ticketed for not speaking English - misapplication of UI
RISKS Digest

Massive Gene Database Planned in California
RISKS Digest

Older News

Facebook 'Suggests Contacting Dead Friends'
RISKS Digest

Fugitive caught via Facebook updates
RISKS Digest

File share leaks data on US Congress members under investigation
RISKS Digest

T-Mobile suffers major outage: nationwide or nearly so
RISKS Digest

Washington Metro system communications depend on single data center
RISKS Digest

Central Traffic unControl === gridlock
RISKS Digest

"Jimmy Carter era" computer causes traffic jams
RISKS Digest

Develop Windows 7 Applications
MSDN: Security

Microsoft Silverlight: Light Up the Web
MSDN: Security

Gentoo Linux Security Advisory - Horde: Multiple vulnerabilities (GLSA 200911-01)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - mdkonline (MDVA-2009:184)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - msec (MDVA-2009:185)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - firefox (MDVA-2009:186)
Help Net Security - Advisories

Expert calls SSL protocol vulnerability a non issue
LinuxSecurity.com - Latest News

Controversial email blocklist SORBS sold
LinuxSecurity.com - Latest News

Fedora 11 2009-11032: kernel
Nessus.org Plugins

Fedora 11 2009-11034: alienarena-data
Nessus.org Plugins

Fedora 9 2009-11038: kernel
Nessus.org Plugins

Fedora 10 2009-11066: alienarena-data
Nessus.org Plugins

FreeBSD : typo3 -- multiple vulnerabilities in TYPO3 Core (5188)
Nessus.org Plugins

MDVA-2009:183: nvidia
Nessus.org Plugins

SuSE Security Update: Security update for xpdf (xpdf-6556)
Nessus.org Plugins

USN854-1 : libgd2 vulnerabilities
Nessus.org Plugins

USN855-1 : libhtml-parser-perl vulnerability
Nessus.org Plugins

Using NetBIOS to retrieve information from a Windows host
Nessus.org Plugins

Using SMB to retrieve information from a Windows host
Nessus.org Plugins

Microsoft Windows SMB Shares Unprivileged Access
Nessus.org Plugins

Novell eDirectory < 8.8.5 ftf1/8.7.3.10 ftf2 NULL Base DN DoS
Nessus.org Plugins

Doctor sentenced for massive online Rx factory
The Register - Security

Photos: Emerging devices at AT&T Labs
CNET News.com - Security

You don't know tech: The InfoWorld news quiz
Network World on Security

EU promises illegal downloaders a fair trial
Network World on Security

Gumblar malware's home domain is active again
Network World on Security

EU sanctions 'three strikes' rule for illegal file sharers
LinuxSecurity.com - Latest News

Google privacy controls: Most people won't care
LinuxSecurity.com - Latest News

CAINE - Open Source Digital Forensics Environment - Now Available
LinuxSecurity.com - Latest News

Open Source You Can Use, November Edition
LinuxSecurity.com - Latest News

Turning clouds into crackers: $45 a password
LinuxSecurity.com - Latest News

Cyber Secure Institute: Linux Isn't Significantly More Secure
LinuxSecurity.com - Latest News

eBay's Skype sale gets green light
silicon.com :

BSD: memory corruption via printf
Vigil@nce - public vulnerabilities

VUPEN - Apple Mac OS X "ptrace()" Local Denial of Service Vulnerability
VUPEN Security Advisories

VUPEN - OpenSSL Session Renegotiation Plaintext Injection Vulnerability
VUPEN Security Advisories

VUPEN - GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability
VUPEN Security Advisories


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2005 jose nazario, all rights reserved. this page is available as RSS 2.0.