Last updated:
Tue Feb 9 14:12:20 2010 GMT
  2008 FIRST Annual Conference in Japan - Register now


Recent bugs
via SecurityFocus,
Bugzilla Group Selection During Bug Move Information Disclosure Vulnerability
Bugzilla Directory Access Information Disclosure Vulnerability
gnome-screensaver Monitor Removal Lock Bypass Vulnerability
SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability
Oracle 11gR2 Remote Command Execution Vulnerability
OCS Inventory NG Cross Site Scripting and SQL Injection Vulnerabilities
OpenBB Multiple SQL Injection Vulnerabilities
Joomla! 'com_photoblog' Component 'blog' Parameter SQL Injection Vulnerability
Novell iPrint Client Remote Buffer Overflow Vulnerabilities
Apple Safari Remote Denial Of Service Vulnerability
Recent advisories
via Secunia, US-CERT,
TA10-021A: Microsoft Internet Explorer Vulnerabilities
TA10-013A: Adobe Reader and Acrobat Vulnerabilities
TA10-012A: Oracle Updates for Multiple Vulnerabilities
TA10-012B: Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
TA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
TA09-342A: Microsoft Updates for Multiple Vulnerabilities
TA09-314A: Microsoft Updates for Multiple Vulnerabilities
TA09-294A: Oracle Updates for Multiple Vulnerabilities
TA09-286B: Adobe Reader and Acrobat Vulnerabilities
TA09-286A: Microsoft Updates for Multiple Vulnerabilities
TA09-251A: Microsoft Updates for Multiple Vulnerabilities
TA09-223A: Microsoft Updates for Multiple Vulnerabilities
TA09-218A: Apple Updates for Multiple Vulnerabilities
TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities
TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products
TA09-195A: Microsoft Updates for Multiple Vulnerabilities
TA09-187A: Microsoft Video ActiveX Control Vulnerability
TA09-160A: Microsoft Updates for Multiple Vulnerabilities
TA09-161A: Adobe Acrobat and Reader Vulnerabilities
TA09-133A: Apple Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access
[ MDVSA-2010:034 ] kernel
RE: Samba Remote Zero-Day Exploit
[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other
mongoose Space Character Remote File Disclosure Vulnerability
Re: Multiple vulnerabilities in XAMPP (advisory #7)
[Suspected Spam]Vulnerability in Tagcloud for DataLife Engine
[DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method
CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability
[ MDVSA-2010:033 ] squid
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207)
MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325)
MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Stock Watch
via Yahoo! Finance
Updated 2/8/2010
NASDAQ 2126.05 unch
JNPR 24.91 unch
SYMC 17.01 unch
CSCO 23.499 unch
MFE 37.14 unch
CKP 15.02 unch
MSFT 27.72 unch
IBM 121.88 unch
INTC 19.35 unch
AMD 7.42 unch
SNWL 7.22 unch
CIC.TO 0.00 N/A
CA 21.52 unch
TMICY.PK 35.65 unch
WBSN 19.33 unch
BCSI 24.69 unch
SCLD 0.00 N/A
CWDW.OB 0.03 unch
VRSN 22.98 unch
INTZ.OB 0.40 unch
TMWD 0.00 unch
PKTR 0.00 unch
FIRE 22.27 unch

 

Recent News

VUPEN - Aruba Networks ArubaOS TLS Session Renegotiation Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Aruba Networks ArubaOS, which could be exploited by attackers to manipulate certain data and information...

VUPEN - Novell eDirectory eMBox SOAP Request Denial of Service Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Novell eDirectory, which could be exploited by remote attackers to cause a denial of service...

Malwarebytes' Anti-Malware Free review
Techworld.com Security News
Useful spyware scanner

You can't depend on just one program to protect you from rootkits, Trojans, viruses, worms, and other malicious code. The job is too important and the villains too numerous for that. So supplement your regul

BlackBerry spyware scare? Don't worry, yet
Techworld.com Security News
BlackBerry spyware is not as big a risk as it seems

Here we go again. Another BlackBerry security scare, in which some "noble" researcher explains to all of us blissfully-unaware BlackBerry users that our precious devices aren't n

Zweden gaat Cisco- en NASA-hacker vervolgen
Security.NL nieuws
Een Zweedse man die zes jaar geleden de netwerken van Cisco en NASA zou hebben gehackt en vervolgens allerlei broncode buitmaakte, zal in Zweden terechtstaan.

Video's en presentaties Black Hat conferentie online
Security.NL nieuws
Voor iedereen die vorige week de Black Hat hackerconferentie in Washington moest missen, is nu het media archief online gekomen.

Onderzoeker ontwikkelt anti-worm code
Security.NL nieuws
Onderzoekers hebben een nieuw algoritme ontwikkeld om de verspreiding van wormen in een vroeg stadium te stoppen.

Volledige disk encryptie voor Intel netbooks
Security.NL nieuws
Netbooks zouden niet over voldoende vermogen beschikken om volledige disk encryptie te ondersteunen, maar een Spaans beveiligingsbedrijf heeft de oplossing.

Safer Internet Day fights online foolhardiness
The Register - Security

Kids get CEOP IE - rest of you can look after yourselves

Young surfers are being encouraged to practise safe computing and use common sense online on Safer Internet Day today.


Global gov's shrugging lets cybercrims frolic
The Register - Security

Sex and drugs and Rickrolling in Madrid

Comment Someone will have to die before governments take cybercrime as seriously as they take digital piracy, a panel on cybercrime and internet security was told last week.


Microsoft, Google split over browser bug bounty
CNET News.com - Security
Google follows Mozilla in launching program to pay researchers who find bugs, but critics say it won't necessarily pay off.

Cisco ASA, Secure Desktop: Cross Site Scripting
Vigil@nce - public vulnerabilities
An attacker can generate a Cross Site Scripting in Cisco Secure Desktop.

VUPEN - Mandriva Security Update Fixes Kernel Memory Corruption Vulnerabilities
VUPEN Security Advisories
Two vulnerabilities have been identified in Mandriva, which could be exploited by local attackers to cause a denial of service or gain elevated privileges...

VUPEN - SuSE Security Update Fixes Kernel Security Bypass and DoS Issues
VUPEN Security Advisories
Multiple vulnerabilities have been identified in openSUSE, which could be exploited by attackers or malicious users to cause a denial of service, bypass security restrictions or gain elevated privileges...

VUPEN - Turbolinux Security Update Fixes BIND Cache Poisoning Vulnerabilities
VUPEN Security Advisories
Multiple vulnerabilities have been identified in Turbolinux, which could be exploited to conduct cache poisoning attacks...

VUPEN - Turbolinux Security Update Fixes GNU Gzip Two Vulnerabilities
VUPEN Security Advisories
Two vulnerabilities have been identified in Turbolinux, which could be exploited by attackers to compromise a vulnerable system...

VUPEN - Fedora Security Update Fixes Bugzilla Information Disclosure Issues
VUPEN Security Advisories
Two vulnerabilities have been identified in Fedora, which could be exploited by attackers to gain knowledge of sensitive information...

VUPEN - Fedora Security Update Fixes Gnome-screensaver Security Bypass
VUPEN Security Advisories
A weakness has been identified in Fedora, which could be exploited by attackers to bypass security restrictions...

VUPEN - Linux Kernel "do_pages_move()" Memory Disclosure and DoS Issue
VUPEN Security Advisories
A vulnerability has been identified in Linux Kernel, which could be exploited by local attackers to gain knowledge of sensitive information or cause a denial of service...

VUPEN - HP Operations Agent "opc_op" Account Empty Password Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in HP Operations Agent for Solaris, which could be exploited by remote attackers to compromise a vulnerable system...

VUPEN - Gefest Web Home Server Remote Directory Traversal Vulnerability
VUPEN Security Advisories
A vulnerability has been identified in Gefest Web Home Server, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system...

VUPEN - HP-UX Security Update Fixes Java Code Execution Vulnerabilities
VUPEN Security Advisories
Multiple vulnerabilities have been identified in HP-UX, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system...

Rugged Manifesto calls on developers for secure code
Techworld.com Security News
Security professionals call for better programming practices

Three respected security professionals have issued a call for developers to learn and practice secure programming in an effort to reduce the number of exploits directed

HTML 5 leaves client storage open to web attacks
Techworld.com Security News
Security researcher says web apps could be vulnerable

New forms of offline client-side storage, such as those specified by the emerging HTML 5 set of standards, could open entirely new kinds of attacks to Web application users, sa

Adobe sorry for 16-month-old Flash bug
Techworld.com Security News
Unpatched vulnerability 'slipped through the cracks'

Adobe apologised for letting a 16-month-old bug in Flash Player languish without a patch, even though it updated the popular plug-in four times since the flaw was reported.

<

Zweden gaat Cisco en NASA-hacker vervolgen
Security.NL nieuws
Een Zweedse man die zes jaar geleden de netwerken van Cisco en NASA zou hebben gehackt en vervolgens allerlei broncode buitmaakte, zal in Zweden terechtstaan.

"Contant geld over vijf jaar verleden tijd"
Security.NL nieuws
Over vijf jaar zal contant geld overal verdwenen zijn, zo voorspelt de Consumentenbond.

Zeus Trojan plundert rekeningen overheid
Security.NL nieuws
Beveiligingsbedrijf Websense waarschuwt voor een nieuwe variant van de Zeus Trojan die het op overheidsinstanties heeft voorzien.

Virusscanner voor Vodafone-gebruikers
Security.NL nieuws
De Finse virusbestrijder F-Secure heeft een overeenkomst met Telecomgigant Vodafone gesloten om zowel zakelijke als particuliere gebruikers tegen malware te beschermen.

"Google reclame toont gevaar zoekmachines"
Security.NL nieuws
De reclame die Google tijdens de Amerikaanse Super Bowl heeft laten zien, toont het gevaar van zoekmachines, aldus burgerrechtenbeweging EFF.

P2P-netwerken goudmijn voor identiteitsdieven
Security.NL nieuws
Ondanks verschillende incidenten met de Amerikaanse president, blijven P2P-netwerken een goudmijn voor identiteitsdieven, zo hebben beveiligingsonderzoekers ontdekt.

Google plugin laat Internet Explorer crashen
Security.NL nieuws
Google heeft verschillende fouten in een omstreden plugin voor Internet Explorer gepatcht, waardoor Microsoft's browser crashte.

Startup links VMware with Amazon to create secure cloud storage
Network World on Security
A startup called Nasuni has made software that adds security and performance features to Amazons cloud storage

The Latest BlackBerry Spyware Scare: Don't Worry, Yet
Network World on Security
Here we go again. Another BlackBerry security scare, in which some "noble" researcher explains to all of us blissfully-unaware BlackBerry users that our precious devices aren't nearly as safe as we think they are.

Poughkeepsie, N.Y. slams bank for $378,000 online theft
Network World on Security
The theft of $378,000 from the town of Poughkeepsie, N.Y. is raising questions about the responsibility of banks to protect customer accounts from online criminals.

Adobe apologizes for 16-month-old Flash bug
Network World on Security
Adobe apologized over the weekend for letting a 16-month-old bug in Flash Player languish without a patch, even though it updated the popular plug-in four times since the flaw was reported.

ShmooCon: Web app storage open to attack
Network World on Security
New forms of off-line client-side storage, such as those specified by the emerging HTML 5 set of standards, could open entirely new kinds of attacks to Web application users, said Michael Sutton, vice president of security research for cloud security firm

iHound aims to help you find your missing iPhone
Network World on Security
If you're outside Moscone Center for this week's Macworld Expo, and someone hands you a "Lost iPhone" sticker, don't toss it away. It could help you track down your phone, should it ever go missing.

Canon EOS Rebel T2i Invites Upgrade from Point-and-Shoot
None
As the new flagship in Canon's Digital Rebel line, the Canon EOS Rebel T2i complements the Canon EOS Rebel XS and the Canon EOS Rebel T1i.

PC Maintenance: What Tasks When?
None
Ruption18 asked the Answer Line forum what regular chores will keep his PC healthy.

Windows: two vulnerabilities of ADFS
Vigil@nce - public vulnerabilities
An authenticated attacker can use two vulnerabilities of ADFS, in order to spoof the identity of a user, or to execute code.

WordPad, Word: code execution via Word 97
Vigil@nce - public vulnerabilities
An attacker can invite the victim to open a malicious file in the Word 97 format, in order to execute code when it is converted by WordPad or Word.

Microsoft Project: code execution
Vigil@nce - public vulnerabilities
An attacker can invite the victim to open a malicious file with Microsoft Project in order to execute code in his computer.

Windows: vulnerabilities of the Indeo codec
Vigil@nce - public vulnerabilities
An attacker can invite the victim to play malicious multimedia documents, in order to execute code in his computer.

Intel, IBM roll out new computer network chips
Hack In The Box
US technology titans IBM and Intel have rolled out powerful new computer chips designed for businesses continually demanding more from networks and data centers. Intel introduced an Itanium processor 9300 series developed under the code name "Tukwila" th

Older News

Korean government to spend $341M on IT workforce training
Hack In The Box

IT hiring jumps in January
Hack In The Box

Conficker outbreak infects Leeds hospital servers
Hack In The Box

Adobe apologizes for festering Flash crash bug
Hack In The Box

Special Report: HITB2009 CTF Weapons of Mass Destruction
Hack In The Box

Symantec Slapped with Class Action Lawsuit
About Antivirus Software

Hackers training website shut down by China government
Hack In The Box

95% of user-generated content was malicious in 2H 2009
Hack In The Box

IT Outsourcing: Why It Pays to Appraise Your Contract
Hack In The Box

Inside CloudLinux's New Linux-Based Cloud OS
Hack In The Box

Germany to purchase stolen Swiss bank data for $3.5 million
Hack In The Box

How O2 secured its network for the iPhone
Hack In The Box

Critical infrastructure under constant cyberattack
Hack In The Box

150m sting to infect computers with porn
Hack In The Box

Open source means freedom from 'anti-features'
Hack In The Box

YouTube confirms IPv6 support
Hack In The Box

How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
Hack In The Box

Former Intel Exec Pleads Guilty in Galleon Insider Case
Hack In The Box

AMD Reveals Fusion CPU+GPU, To Challege Intel in Laptops
Hack In The Box

Microsoft's Windows 7 chief: It's not us; it's your batteries
Hack In The Box

Google warns Chinese copycat Web site
Hack In The Box

The Biggest Security Breeches of 2009
InternetNews.com Security News

Conficker outbreak infects Leeds hospital servers
The Register - Security

Adobe apologizes for festering Flash crash bug
The Register - Security

When is a 0day not a 0day? Samba symlink bad default config, (Tue, Feb 9th)
SANS Internet Storm Center, InfoCON: green

Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html, (Tue, Feb 9
SANS Internet Storm Center, InfoCON: green

U.S. MSDN Premium Subscribers: Test and Develop at No Cost on Windows Azure
MSDN: Security

Learn from the Best in Web Design and Development at MIX10
MSDN: Security

Oracle issues emergency security patch for WebLogic
The Register - Security

Security chip that does encryption in PCs hacked (AP)
Yahoo! News: Security News

Summary Box: New attack shows security chip hole (AP)
Yahoo! News: Security News

News: Botnet Targets Web Sites With Junk SSL Connections (Slashdot)
SecureWorks Info Feed

News: Botnet Attack on CIA and Other Sites Failing (PC Magazine)
SecureWorks Info Feed

News: Cyberthieves are hiring, using online ads (Reuters)
SecureWorks Info Feed

News: Get Paid to Install Malware (Technology Review)
SecureWorks Info Feed

Announcement: Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 according to SecureWorks' Data
SecureWorks Info Feed

News: China Closes Hacker Training Site (Information Week)
SecureWorks Info Feed

SUSE Security Announcement - Linux kernel (SUSE-SA:2010:010)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - kernel (MDVSA-2010:034)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - mmc-agent (MDVA-2010:050)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - microcode_ctl (MDVA-2010:052)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - mmc-web-base (MDVA-2010:051)
Help Net Security - Advisories

Mandriva Linux Security Update Advisory - mmc-wizard (MDVA-2010:053)
Help Net Security - Advisories

Linux kernel: incorrect permissions on devtmpfs
Vigil@nce - public vulnerabilities


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.