Google's Android: Beware the malware?

New threats ahead, warns security researcher

MoD admits losing nearly 2m recruits' details

None

Home Office turns down Nasa hacker's appeal

None

Vuln: Red Hat OpenSSH Backdoor Vulnerability

Red Hat OpenSSH Backdoor Vulnerability

Vuln: vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability

vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability

FrSIRT - FUJITSU Products "RemoteFilterValve" Security Bypass Vulnerability

A vulnerability has been identified in various FUJITSU products, which could be exploited by attackers to bypass security restrictions...

FrSIRT - WinFTP "PASV" Command Remote Denial of Service Vulnerability

A vulnerability has been identified in WinFTP Server, which could be exploited by attackers to cause a denial of service...

FrSIRT - NoticeWare Email Server POP3 Remote Denial of Service Vulnerability

A vulnerability has been identified in NoticeWare Email Server, which could be exploited by attackers to cause a denial of service...

FrSIRT - XM Easy Personal FTP Server Remote Denial of Service Vulnerability

A vulnerability has been identified in XM Easy Personal FTP Server, which could be exploited by attackers to cause a denial of service...

FrSIRT - RaidenFTPD "CWD" and "MLST" Commands DoS Vulnerability

A vulnerability has been identified in RaidenFTPD, which could be exploited by attackers or malicious users to cause a denial of service...

Security suites fail exploit tests

Atrocious preformance by leading suites.

Security suites don't protect users from real-world exploits, a bug tracking company has claimed after launching 300 test attacks against a dozen programs, including popular software from M

Windows hit by fake security emails

Haxdoor malware tries new technique.

Scammers are sending out fake emails that claim to include critical Windows security alerts, Microsoft warned Monday.

Autisme kan NASA-hacker McKinnon niet redden

De oproep van autismespecialisten aan de Britse Minister van Binnenlandse Zaken Jacqui Smith, om NASA-hacker Gary McKinnon niet aan de Verenigde Staten uit te leveren, is niet succesvol gebleken.

Use Gmail to fight spam

Everybody has a favorite method for fighting spam, the bane of inboxes planet-wide. Tools like MailWasher and SpamAssassin get the job done for some, but I'm partial to another solution: Gmail.

Europe and the U.S.: The one way mirror

If you're an American and want a good chuckle, ask a European the following three things: 1) ask them to count to five on their fingers (Europeans will start with holding out their thumb to indicate the number one whereas Americans will start with their i

Blue Coat, partners pitch less expensive data-leak prevention

Blue Coat Systems says it and five partners can cut the cost of deploying data-leak prevention hardware by requiring fewer DLP devices to protect all sites in a corporate network.

When the watchdog is the underdog

Think your security staffers are trustworthy? Competent? Knowledgeable? Listen to a security professional's horror stories, and you might think again.

Microsoft readies first attack forecast

Microsoft will debut vulnerability predictions tomorrow when it issues 11 security updates for Windows, Office and Internet Explorer .

'Experimental' security fix is malware, Microsoft says

Scammers are sending out phoney e-mails that claim to include critical Windows security alerts, Microsoft warned Monday.

[3/5] Avaya Products Red Hat Tampered OpenSSH Packages

Avaya has acknowledged that a small number of OpenSSH packages have been tampered with.

http://secunia.com/Advisories/32241/

NOTE: This RSS feed does not include information abo

[2/5] Debian update for linux-2.6

Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.

http

[3/5] ENOVIA Document Viewer Security Bypass

A vulnerability has been reported in ENOVIA, which can potentially be exploited by malicious people to disclose sensitive information.

http://secunia.com/Advisories/32105/

NOTE:

[3/5] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

Avaya has acknowledged some vulnerabilities in Avaya AES / MX, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to conduct c

[3/5] Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

http://secunia.com/Advisories/32263/

[3/5] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability
Some vulnerabilities have been reported in Linksys WAP4400N, where one has unknown impacts and the other can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.co

[1/5] Firefox .url Shortcut File Information Disclosure
A vulnerability has been reported in Firefox, which can be exploited by malicious people to disclose sensitive information.

http://secunia.com/Advisories/32192/

NOTE: This RSS f

[2/5] Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation
A vulnerability has been reported in Lenovo Rescue and Recovery, which potentially can be exploited by malicious, local users to gain escalated privileges.

http://secunia.com/Advisories/32252/

[3/5] IndexScript "parent_id" SQL Injection Vulnerability
d3v1l has reported a vulnerability in IndexScript, which can be exploited by malicious people to conduct SQL injection attacks.

http://secunia.com/Advisories/32173/

NOTE: This R

Security Suites falen detectie exploits
Dure Security Suites beweren tegen "alle" internetdreigingen bescherming te bieden, toch is dat zeker niet het geval, zo blijkt uit Deens onderzoek.

[DSA1650] DSA-1650-1 openldap2.3

Cameron Hotchkies discovered that the OpenLDAP server slapd, a free
implementation of the Lightweight Directory Access Protocol, could be
crashed by sending malformed ASN1 requests.
For the stable distribution (etch), this problem

[DSA1651] DSA-1651-1 ruby1.8

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following prob

[DSA1652] DSA-1652-1 ruby1.9

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following prob

FreeBSD : drupal -- multiple vulnerabilities (1174)

The remote host is missing an update to the system

The following package is affected: drupal5

Solution : Update the package on the remote host
See also :

FreeBSD : mysql -- command line client input validation vulnerability (1172)

The remote host is missing an update to the system

The following package is affected: mysql-client

Solution : Update the package on the remote host
See also :

FreeBSD : cups -- multiple vulnerabilities (1173)

The remote host is missing an update to the system

The following package is affected: cups-base

Solution : Update the package on the remote host
See also :

Steal This Comic
Note: the Amazon.com MP3 store sells DRM-free music. Kudos. Why not subscribe to avoid missing The Best Article Every day! A.at_adv_here_7342, A.at_pow_by_7342 {font-family: Arial,Sans-Serif; font-size: 10px; font-style: normal; font-weight: normal; fo

World Bank denies hackers pwned key systems
The World Bank has denied reports that hackers penetrated its network on multiple occasions over the last year. Fox News reports the financial institution has suffered at least six attacks since the middle of 2007. The assault emerged in the course of a

Shell-shocked banks must safeguard data
A leading UK technology security expert has warned banks and other finance institutions, trying to cope with expected mass redundancies caused by the current financial turmoil, to guard against the removal of sensitive data or systems infiltrated by hacke

Big leap in malicious Web sites
Spam and virus attacks are declining, but malicious Web sites have taken a big leap, according to the September Intelligence Report from MessageLabs.netbug.jpg The figures back up reports from numerous security firms and experts that Web-based attacks are

Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm
DarkMarket.ws, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents u

Top security suites fail exploit tests
Security software suites don't protect users from real-world exploits, a bug-tracking company charged today after launching 300 test attacks against a dozen programs, including popular software from McAfee Inc., Symantec Corp. and Trend Micro Inc. "The I

Hackers hijack Patch Tuesday
On the second Tuesday of every month, Microsoft is now accustomed to releasing the patches and fixes for its various software packages. But now hackers are trying to take advantage of this and are sending out fake updates to dupe Microsoft software users

WiFi in hotels provide security risks to users
Insecure WiFi systems installed at hotels across the UK could be hacked. Following its claims that WiFi is no longer a secure method of connection last week, Global Secure Systems has warned that insecure WiFi systems installed at hotels across the UK co

Vietnamese student hacker arrested
Investigators say a high school student from the central province of Quang Nam has been arrested for allegedly hacking into local websites earlier this month. Authorities have declined to reveal the age or identity of the student who has admitted to hack

Bush Signs Law Creating Copyright Czar
President Bush on Monday signed into law legislation creating a copyright czar, a cabinet-level position on par with the nation's drug czar. Two weeks ago, the House sent the president the "Enforcement of Intellectual Property Rights Act" (.pdf), a measu

Hoping for AppleTV update at Apples notebook event
The clock is ticking toward the big Apple event - you know, the one where the company is expected to announce the sub-$1,000 notebook and/or a new design to the MacBook line and/or the move into Nvidias graphics chipset and/or something altogether differe

NSW Govt advised to give students Linux laptops
NSW school students could be supplied with Linux-based laptops as part of the state's efforts for the Digital Education Revolution [DER]. According to the Australian IT, the president of the NSW Secondary Principals' council has been pushing for laptops

Microsoft to buy BlackBerry
Microsoft may have its eye on Research in Motion (RIM), makers of the BlackBerry range of handsets, says one analyst. According to Canaccord Adams analyst Peter Misek, RIM's shares have plummted in recent months and a slow in spending thanks to the cred

Nokia poised to unveil first touchscreen N-Series
Now the Tube, or 5800 XpressMusic, is official were looking forward to a proper touchscreen N-Series phone. How long will we have to wait? Not long, says Nokia. According to Devinder Kishore, director of marketing for Nokia India, a touchscreen N-Series

RSA survey shows employees everyday behaviours puts sensitive business information at risk
RSA, The Security Division of EMC, today released the findings of its latest insider threats survey. The survey polled 417 people a heavy concentration of whom are employed in the finance and technology sectors who confessed to their work-related securi

PSP And PS3 Gets Updates
The PSP will be receiving a v5.00 update, while the PS3 will feature a v2.50 update. Nothing major or groundbreaking in either updates, but they do represent small steps forward. The PSP v5.00 will include the PlayStation Network icon on the XMB, allowing

Mozilla Labs pursues Web dev tools
Dissatisfied with the Web development tools already available, researchers at the newly formed Developer Tools Lab at Mozilla Labs intend to find better options. Announced Monday, the lab will be led by Dion Almaer and Ben Galbraith, who founded the Ajax

Microsoft ready for Silverlight's second act
Microsoft on Monday announced that it is ready with a final version of Silverlight 2. Silverlight 2 will be available for download starting Tuesday (US time), Microsoft said. Among the new features are support for digital rights management technology, im

Survey: IT execs afraid of job losses
IT executives are worried they may lose their jobs and feel more stressed at work, but still believe the sector can ride out the storm by keeping an eye on long-term goals, according to a survey by the Chartered Management Institute. The survey of over a

HP to manage PC manufacturing plant in China
Hewlett-Packard will manage a computer factory in Chongqing, China, part of a strategy to strengthen its operations in the country's less affluent Western region. The 20,000-square-meter plant will enter operation in 2010 and be used to produce desktop a

Blackmailing hacker hijacks hotel emails
Guests at the luxury hotel owned by the Thompson Group could have emails they sent while staying published on line, according to court documents filed last week. The documents detail how a hacker set up an open Wi-Fi portal at a hotel owned by the group

Reinventing SIP
Work on the Session Initiation Protocol (SIP) began in 1996 and the first standards track specification (RFC 2543) was out in 1999. The expectation was that SIP, as a peer-to-peer protocol, would redefine the very nature of telecommunications. No longer w

Massive quantum network unveiled
The world's largest quantum-encrypted network has been unveiled in Vienna, providing a glimpse of how data could be transmitted securely in the future. The network is the result of more than four years of work with 41 organisations from 12 countries work

Whopper of a Microsoft Patch Day for October
Looks as though Microsoft plans to pile it on for network administrators tomorrow. Last Thursday, they posted their monthly Advance Notification, letting us know they intend to release 11 security bulletins on Tuesday 14 October.

DSA-1653 linux-2.6
denial of service/privilege escalation

Day 14 - Containment: a Personal IdentityTheft Incident, (Tue, Oct 14th)
Containing a IDtheft incident can be seen from multiple sides. The organisation leaking the sensiti ...(more)...

'Experimental' security fix is malware, Microsoft says
None

'Experimental' security fix is malware, Microsoft says
None

'Experimental' security fix is malware, Microsoft says
None

'Experimental' security fix is malware, Microsoft says
None

'Experimental' security fix is malware, Microsoft says
None

Bugtraq: [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities
[SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities

Vuln: Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability

Brief: Apple closes open-source flaws with latest patch
Apple closes open-source flaws with latest patch

Google Downplays Talk of Security Vulnerabilities
Google is downplaying talk of security vulnerabilities linked to cross-domain Web application sharing. Two security researchers have posted details about security issues they say leave Google users vulnerable. Google though, says it has taken steps to pro

Judge orders Palin to preserve Yahoo e-mails
A judge in Alaska order Sarah Palin and others in her administration to preserve e-mail messages in their personal accounts that relate to state business.
MIT: Dirty coal to blame for China pollution--In a rare independent study of China's energy sector, researchers have found that

Inside CNET Labs 17: Terrorize 'This'!
Episode 17 of the Inside CNET Labs Podcast

Security software performs poorly in exploit test
Security software suites are doing a poor job of detecting when a PC's software is under attack, according to Danish vendor Secunia.

Top security suites fail exploit tests
None

Top security suites fail exploit tests
None

Top security suites fail exploit tests
None

Top security suites fail exploit tests
None

recent infosec news

Fake Microsoft security update spammed out to coincide with Patch Tuesday

FrSIRT - Linksys WAP4400N Denial of Service and SNMPv3 Issues

FrSIRT - Lenovo Rescue and Recovery Privilege Escalation Vulnerability

FBI gebruikt illegale hackersite als lokaas

Google verdient miljoenen aan typosquatting

Chinese criminelen manipuleren pinautomaat in supermarkt

LG ontwikkelt privacy-beeldscherm voor laptops

Britse ambtenaren ontslagen wegens datamisbruik

MS roll out exploit prediction with Patch Tuesday

Here is the attack forecast

DarkMarket carder forum revealed as FBI sting

Cybercrooks bamboozled

[3/5] RaidenFTPD Directory Name Buffer Overflow Vulnerability

Apache and Setting Up SSL

Google's Android: Beware the malware?

MoD admits losing nearly 2m recruits' details

Home Office turns down Nasa hacker's appeal

Vuln: Red Hat OpenSSH Backdoor Vulnerability

Vuln: vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability

FrSIRT - FUJITSU Products "RemoteFilterValve" Security Bypass Vulnerability

FrSIRT - WinFTP "PASV" Command Remote Denial of Service Vulnerability

FrSIRT - NoticeWare Email Server POP3 Remote Denial of Service Vulnerability

FrSIRT - XM Easy Personal FTP Server Remote Denial of Service Vulnerability

FrSIRT - RaidenFTPD "CWD" and "MLST" Commands DoS Vulnerability

Security suites fail exploit tests

Windows hit by fake security emails

Autisme kan NASA-hacker McKinnon niet redden

Use Gmail to fight spam

Europe and the U.S.: The one way mirror

Blue Coat, partners pitch less expensive data-leak prevention

When the watchdog is the underdog

Microsoft readies first attack forecast

'Experimental' security fix is malware, Microsoft says

[3/5] Avaya Products Red Hat Tampered OpenSSH Packages

[2/5] Debian update for linux-2.6

[3/5] ENOVIA Document Viewer Security Bypass

[3/5] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

[3/5] Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability

[3/5] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability

[1/5] Firefox .url Shortcut File Information Disclosure

[2/5] Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation

[3/5] IndexScript "parent_id" SQL Injection Vulnerability

Security Suites falen detectie exploits

[DSA1650] DSA-1650-1 openldap2.3

[DSA1651] DSA-1651-1 ruby1.8

[DSA1652] DSA-1652-1 ruby1.9

FreeBSD : drupal -- multiple vulnerabilities (1174)

FreeBSD : mysql -- command line client input validation vulnerability (1172)

FreeBSD : cups -- multiple vulnerabilities (1173)

Steal This Comic

World Bank denies hackers pwned key systems

Shell-shocked banks must safeguard data

Big leap in malicious Web sites

Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm

Top security suites fail exploit tests

Hackers hijack Patch Tuesday

WiFi in hotels provide security risks to users

Vietnamese student hacker arrested

Bush Signs Law Creating Copyright Czar

Hoping for AppleTV update at Apples notebook event

NSW Govt advised to give students Linux laptops

Microsoft to buy BlackBerry

Nokia poised to unveil first touchscreen N-Series

RSA survey shows employees everyday behaviours puts sensitive business information at risk

PSP And PS3 Gets Updates

Mozilla Labs pursues Web dev tools

Microsoft ready for Silverlight's second act

Survey: IT execs afraid of job losses

HP to manage PC manufacturing plant in China

Blackmailing hacker hijacks hotel emails

Reinventing SIP

Massive quantum network unveiled

Whopper of a Microsoft Patch Day for October

DSA-1653 linux-2.6

Day 14 - Containment: a Personal IdentityTheft Incident, (Tue, Oct 14th)

'Experimental' security fix is malware, Microsoft says

'Experimental' security fix is malware, Microsoft says

'Experimental' security fix is malware, Microsoft says

'Experimental' security fix is malware, Microsoft says