Security News

The finest blend of the latest IT security news headlines, updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools

Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff

Security Blogs
Microsoft Security Advisories
Mailing Lists

Bookmark + Share

Colour scheme

IT Security News

News ≈ Packet Storm

The Register – Security

Security Bloggers Network

SANS Internet Storm Center, InfoCON: green Infocon: green Cybersecurity Legislation Components, (Sun, Feb 5th) Apple Security Advisory 2012-001 v1.1, (Sat, Feb 4th) Sophos 2012 Security Threat Report, (Fri, Feb 3rd) ISC StormCast for Friday, February 3rd 2012 http://isc.sans.edu/podcastdetail.html?id=2302, (Fri, Feb 3rd) Critical PHP bug patched, (Fri, Feb 3rd) New Poll – What security issue concerns you the most this year?, (Fri, Feb 3rd) PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1, (Fri, Feb 3rd) ISC StormCast for Thursday, February 2nd 2012 http://isc.sans.edu/podcastdetail.html?id=2299, (Thu, Feb 2nd)	The H Security The H Roundup for the week ending 4 February Google’s Bouncer scans the Android Market for Malware MSUpdate trojan attacked companies in the defence sector Break-ins at domain registrar VeriSign in 2010 Critical PHP vulnerability being fixed – Update Critical PHP vulnerability being fixed Report: Kelihos botnet making a comeback – Update Report: Kelihos botnet making a comeback HTC Android phones expose Wi-Fi passwords to apps Apple releases Mac OS X 10.7.3 Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey Hacker extracts RFID credit card details Linux developers fix a homemade network problem Data stolen from Japanese space agency Customer data exposed in Zappos.com breach The H Roundup for the week ending 14 January	E Hacking News \| Hacker News \| IT Security \| Cyber Crime [EHN] 24+ INDIAN site hacked by An0nym0uz17 69 Chinese Websites Hacked By TeamGreyHat [not really] Xss in hrithik roshan’s official fan site Malware steal your Documents and uploads them to Sendspace XWiki Web Application vulnerable to Cross Site Scripting Anonymous Hackers leaked FBI hacking investigation conference call Kelihos/Hlux botnet comeback with new Techniques VeriSign admits it was hacked repeatedly in 2010 Mac OS X Lion 10.7.3 released Irish Government Website passwords published by Anonymous Hackers FosWiki web application vulnerable to Cross Site Scripting 10+ Pakistani websites Vulnerable to SQL injection, found by Silent Hacker Forensics Vendor Passware warns Mac OS X FileVault 2 easily decrypted New Banking Trojan "Ice IX" Redirects Bank Phone Calls to Attackers Fatcat: Automated SQL Injection Tool Slowhttptest version 1.4 released : Pen Testing Tools
CNET News – Security Anonymous hacks lawyers for Marine accused of Iraq massacre Facebook users polled ‘unlike’ new Timeline feature Google’s response on new privacy policy ticks off congresswoman Anonymous: We snooped an FBI cybercrime call Mystery and mayhem surrounding MegaUpload (roundup) Kelihos botnet makes a comeback Feds seize illegal sports-streaming sites Teen finds bugs in Google, Facebook, Apple, Microsoft code Security concerns on Apple’s FileVault decryption via FireWire Google now scanning Android apps for malware	IT Security Blog \| TechRepublic Infographic: Kim Dotcom and the Megaupload story World IPv6 launch day set: Security pitfalls to look out for Insidious insiders: Psychology provides clues in handling invisible threats Repurposed software: Apps gone rogue Symantec says to disable pcAnywhere after source code exposure by Anonymous Facing down the Ramnit virus on Facebook: Tips for protection and clean-up Megaupload, Anonymous, SOPA and the Internet fallout Testing just how good Next Generation Firewalls are Infographic: Online banking and security SOPA shelved for now, but what does the future hold? DNSViz: Intimate view of a website’s DNS security How to sell information security to management Facebook takes steps to reward bug hunting: White hat debit cards Hitting Windows 8 reset button: Security bonus saves time and money SpyEye banking malware learns to cover its tracks 2012: The year of cyber-espionage?	ASTALAVISTA Security News News: Database of Fox Employees’ Passwords and Emails Leaked [Hackers] News: New graphics engines imperil users of Firefox and Chrome News: Arbor Networks Adds Data Center Product to Security Solutions News: Apple and Google wriggle on US Senate hot seat News: Clues from EDU: Universities that get security right News: Perfect storm for ORNL cyber attack News: Source code leaked for pricey ZeuS crimeware kit News: Facebook caught exposing millions of user credentials News: Kim Komando: Owners of original iPads need not dump them for iPad 2 News: Zac Goldsmith calls for privacy law

Regular Security News
hacking – Google News Hackers intercept FBI, Scotland Yard call – Newsday Hackers share personal information of Albertans with Nazi group links – Edmonton Journal ‘Hacking is not negative’ – The Hindu Zuckerberg defends hacking – News24 The Week in Words: The next phase; helping her pack; where hacking is a good thing – Philadelphia Inquirer Hackers hit law websites Haditha defense site defaced – Arab Times Kuwait English Daily Hackers apparently hit Swedish government site – USA TODAY UK: Hacked phone call with FBI poses no risk – USA TODAY Questions on Hacking for Times of London – New York Times Zuckerberg’s ‘Hacker Way’ Not Profit to Guide Post-IPO Facebook – San Francisco Chronicle	computer security – Google News Congress considers more power for government against cyberthreats to critical … – Washington Post Data Doctors: Using a ‘safe’ computer during tax season – East Valley Tribune State of SCADA Security Worry Researchers – eWeek FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain – eWeek For Facebook ‘Hacker Way’ is way of life – PhysOrg.com Internet Security Has Proven to Be a Typical Rogue Antispyware Application – PR Leap (press release) Half of Fortune 500 firms infected with DNS Changer – Computerworld Oscars vote vulnerable to cyber attack under new online system, experts warn – The Guardian MetaFlows launches low-cost SaaS product that unifies network security – Computerworld Privacy advocates worry about government efforts to expand computer security … – Washington Post	Threat Level Bradley Manning to Face All Charges in Court-Martial Oklahoma Lawmaker Proposes Tax on Violent Video Games Anonymous Eavesdrops on FBI Anti-Anonymous Strategy Meeting Online Market for Pre-Owned Digital Music Hangs in the Balance Feds Seize 307 Sports-Related Domains Ahead of Super Sunday VeriSign Hit by Hackers in 2010 Copyright: To the Batmobile! Supreme Court of Sweden Upholds Pirate Bay Prison Sentences Google to Censor Blogger Blogs on a ‘Per Country Basis’ Megaupload Server Purge Delayed
Social Media
Reddit /r/netsec – Information Security News & Discussion Never got my FaceBook whitehat bounty… Don’t Stick That in There – Exploitation with HID Keyboard Emulation Malware Analysis Tutorials from Dr. Xiang Fu Everything you’ve ever wanted to know about ethernet taps. Mini-PoC for PHP RCE (CVE-2012-0830) TPM-backed SSL (xpost from /r/programming) Kelihos/Hlux botnet returns with new techniques Preventing Active Timing Attacks in Low-Latency Anonymous Communication [PDF] Studying Timing Analysis on the Internet with SubRosa [PDF] Timing Attacks in Low-Latency Mix Systems [PDF] Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit List of Secure Coding Standards x64 Windows Shellcode Raising the White Flag – Bypassing Application White Listing Law Firms Weigh Cost Of Network Security Against Hacking Risk Automation and Simplification Cont’d – "The (first) NMAP Post"	Stories Ting: Another Contract-Free Mobile Carrier In The U.S. The. Best. Phone. Manual. Ever. Your Phone Use in the Bathroom May Be Influenced by the Phone You Own Tim Cook Brings Philanthropic Attitude to Apple, Donates $100 Million to Charities The Internet makes you stupid, but this app might make you smarter What I learned from teaming up with Google Megaupload: Kim Dotcom describes his strange prison encounters in New Zealand court [VIDEO] Apple iPad Split Keyboard Features a Few Hidden Buttons [PIC] We Need Copyright Reform, Not The Anti-Counterfeiting Trade Agreement (ACTA) From Sand to Processor or How a CPU is made – Intel Polish Protests Put ACTA ‘On Hold’ Video: Be mesmerized by the future of glass ADZero bamboo smartphone prototypes hands-on iOS apps crash more often than Android apps British student designs bamboo smartphone F.B.I. Admits Hacker Group’s Eavesdropping	Stories Super Bowl 46 mobility by the numbers Fix CUI Errors After Installing OS X Lion 10.7.3 Update – How To Tutorial – Techn0city Extracting Concept from Text Documents Find Your Exact Location With with nothing more than a cellphone number \| ExMemory advertising agencies in michigan Discover More Regarding iPhone Launch Date Gossips Ultrabooks To Get Touchscreens and Voice Recognition \| Techhapp I will edit adjust airbrush three pictures to a very high standard – DoUpTo How To Display The Song Played In The Notification Banner \| Music Banners Jailbreak Tweak Tips and Tricks \| Reviews \| Make Money Online: Know The Web : Top 5 Sites To Kill Boredom Kindle Fire Satisfaction: Survey Shows Likes, Dislikes Of Fire Owners J2EE: Web Container vs Web Server vs Application Server Learning .NET Regular Expressions, Regex Part-1 New tablet 2012: Playbook BlackBerry OS 2.0 – the new tablet with applications from Android Top 10 Best Tablets – February 2012 Five Best Ways to Stream Live TV
Delicious/tag/security Wireless IP Camera \| Home Security CCTV Cameras \| Wireless Security Surveillance Network Camera \| Y-cam Solutions Top 10 Ways to Travel Smarter, Safer, and Cheaper Tor Cloud Strong Random Password Generator Free Proxy List – Public Proxy Servers (IP PORT) – Hide My Ass! Web Hoster Dreamhost Hacked, Asks Users To Change Passwords SSH tricks Home – L-1 Identity Solutions Symantec Security Center David Aspinall’s Instant GPG HOWTO Facebook Is Using You – NYTimes.com More locks for your SSH door Transparent Multi-hop SSH Fake Name Generator – Get a Random Name Free login to any site	Delicious/tag/hacking Lessons Learned: The Hacker Way SSH tricks shodan/wps.py at master from achillean/shodan-python – GitHub 70 Things Every Computer Geek Should Know. \| Arrow Webzine Use Google To Hack Into A Secrect World – Borntechie IKEA Hackers SemWare Corporation World-Wide-Web Server (http://www.semware.com) Network Security Articles for Windows Server 2003, 2008 & Vista Offensive Computing \| Community Malicious code research and analysis IT Security Magazine – Hakin9 www.hakin9.org Rooting – is it for me? Some Q&A \| Android Central Webcam Hacker Luis Mijangos: Newsmakers: GQ How to Crack a Wi-Fi Network’s WPA Password with Reaver BBC News – FBI probes Anonymous intercept of US-UK hacking call Noisebridge	Delicious/tag/encryption David Aspinall’s Instant GPG HOWTO PwdHash TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux Passlet – Online Password Manager LastPass – Password Manager, Form Filler, Password Management KeePass Password Safe KeePass – The Open-Source Password Safe Clipperz – online password manager Tao Effect Backtrack 5 – Bootable USB Thumb Drive with “Full” Disk Encryption Home – SQLCipher – Open Source Full Database Encryption for SQLite Gpg4win – EMail-Security using GnuPG for Windows thinkst Thoughts…: Chrome Extension for gpg in Gmail GPG Cheat Sheet Simple user model with password crypting [rails] [password] [user] [authentication]
Slashdot: Your Rights Online Google In Battle With Its Own Lawyers Job Seeking Hacker Gets 30 Months In Prison Ex-FCC Chair: Spectrum Plan "Single Worst Telecom Bill I’ve Seen" New Hampshire Passes ‘Open Source Bill’ Text Message Brands Quebec Man a Terror Suspect Apple Overturns Motorola’s German iPad and iPhone Sales Bans Canada’s Massive Public Traffic Surveillance System You Will Never Kill Piracy Facebook On Collision Course With New EU Privacy Laws Yes We Can (Profile You): a Brief Primer On Campaigns and Political Data Apple Clarifies iBooks Author Licensing Seattle Library Lets Man Watch Porn On Computers Despite Complaints ACTA’s EU Future In Doubt As Poland Suspends Ratification RIAA Wants To Scrap Anti-Piracy OPEN Act Anonymous Posts Audio of Intercepted FBI Conference Call	Got any bright ideas about what to put here?	I’m sure you can think of something with an rss feed

Tools

Security Tool Files ≈ Packet Storm

Viper Network Sniffer Script This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
Port Tester 0.1 This is a simple little port scanning script written in python.
Dradis Information Sharing Tool 2.9.0 dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of informat. […]
WeBaCoo (Web Backdoor Cookie) 0.2.2 WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern u. […]
Bluelog Bluetooth Scanner/Logger 1.0.1 Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique “Bluelog Live” mode, which puts. […]
GNU Privacy Guard 1.4.12 GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such. […]
PgSql Brute Force This is a small application built to demo the weakness in pgsql and networking. It is capable of running login attempts from multiple threads in parallel and can run up to 1024 concurrent connections.
HTTP Brute Force This is a small application built to test the performance of a http authentication system using a lot of concurrent connections. It can also be used to try lots of password against a http server. It is capable of using up to 1024 (or more using multiple processes). However with this amount it is cap. […]
Lightidra IRC Router Scanner Lightaidra is an IRC commanded tool that allows for scanning and exploiting routers. It also performs flooding.
Zorp Proxy Firewall Suite 3.9.3 Zorp is a proxy firewall suite with its core architecture built around today’s security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, a. […]
FatCat SQL Injector This is an automatic SQL Injection tool called FatCat. It has features that help you to extract the database information, table information, and column information from a web application.
Dark D0rk3r 0.5 Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
p0f 3.03b Windows Port P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebas. […]
Mobius Forensic Toolkit 0.5.11 Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Dark D0rk3r 0.4 Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
OpenDNSSEC 1.3.5 OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

CNET Download.com Security Software New Releases

Anti Trojan Elite 02/04/12 – Purge Trojan horses from your PC and manage system security issues.
IntelliProtector 02/03/12 – Activate software with a web-based control panel.
McAfee VirusScan Definition 02/03/12 – Get the latest antivirus updates.
Symantec Norton AntiVirus Virus Definition 02/03/12 – Get the latest virus definition file.
Norton AntiVirus Definitions Update (i32 Package) 02/03/12 – Update Norton virus definitions and antivirus products.
Norton AntiVirus Definitions Update (x86 Package) 02/03/12 – Update Norton AntiVirus virus definitions and antivirus products of multiple versions.
VirusBuster Virus Database Updates 02/03/12 – Update your VirusBuster antivirus with the latest signatures.
WeatherCheck Removal Tool 02/03/12 – Remove WeatherCheck and registry keys from your PC.
VirusBuster SPAM Database Updates 02/03/12 – Update your VirusBuster security suite with the latest signatures.
VoodooShield 02/03/12 – Lock and protect your computer when exposed to viruses, and unlock when not exposed.

empty

What security software source do you want to see here?

Exploits

Exploit Files ≈ Packet Storm

PHP 5.4.0RC6 Denial Of Service PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.
Edraw Diagram Component 5 Active-X Buffer Overflow Edraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
ObjectLabs Forum Systems SQL Injection ObjectLabs Forum System suffers from a remote SQL injection vulnerability.
Conduit Wibiya Toolbar Persistent Cross Site Scripting Conduit Wibiya Toolbar suffers from a persistent cross site scripting vulnerability.
XWiki Enterprise 3.4 Cross Site Scripting XWiki Enterprise version 3.4 suffers from a cross site scripting vulnerability.
InsideChannel Web Design SQL Injection InsideChannel Web Design suffers from a remote SQL injection vulnerability.
Zanjan Azad University SQL Injection Zanjan Azad University suffers from a remote SQL injection vulnerability.
Conduit Wibiya Login Toolbar Cross Site Scripting Conduit Wibiya Login Toolbar suffers from a cross site scripting vulnerability.
Conduit Wibiya Password Recovery Toolbar Cross Site Scripting Conduit Wibiya Password Recovery Toolbar suffers from a cross site scripting vulnerability.
Conduit Image Search Engine Cross Site Scripting Conduit Image Search Engine suffers from a cross site scripting vulnerability.
Simkom Cross Site Scripting Simkom suffers from a cross site scripting vulnerability.
Douglass Media SQL Injection Douglass Media suffers from a remote SQL injection vulnerability.
Anfibia Remote Command Execution Anfibia suffers from a remote command execution vulnerability.
Raw CMS Cross Site Scripting Raw CMS suffers from a cross site scripting vulnerability.
PHP-Fusion 7.02.04 SQL Injection PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.

Exploit-DB updates

Securityvulns exploits channel

iptoolsex.pl IpTools(0.1.4) – Rcmd Remote Crash PoC
p_cve-2011-4362.c Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability
enumerator_asterisk_nat_peers.rb SIP Username Enumerator for Asterisk (UDP) Security Advisory AST-2011-013, CVE-2011-4597
https://twitter.com/#!/w3bd3vil/status/148454992989261824 causes a BSoD on win 7 x64 via Safari
7350roaringbeastv3.zip FreeBSD ftpd/ProFTPD remote exploit
oracleocepoc.php Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
zftpex.py zFTP Server “cwd” Remote Denial-of-Service
knftpd_exploit.py KnFTPd FTP Server v1.0.0 Multiple Command Remote Buffer Overflow Exploit
bwocxrun_1.zip BroadWin WebAccess Client bwocxrun.ocx PoC
killapache.pl Apache httpd Remote Denial of Service (memory exhaustion)
mn.pl HTTPKiller – FHTTP Kit by Xianur0
tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit
novell.pl Exploits Novell eDirectory/Netware LDAP-SSL daemon vulnerability
glob-0day.c PoC for multiple vendors ftpd (libc/glob) resource exhaustion
SecPod_AT_TFTP_DoS-POC.py Exploit will crash AT-TFTP Server v1.8 Service
ipcomp.zip BSD IPComp Kernel Stack Overflow Testcase

Inj3ct0r.com

Vulnerabilities

Advisory Files ≈ Packet Storm

Debian Security Advisory 2384-2 Debian Linux Security Advisory 2384-2 – It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.
Secunia Security Advisory 47843 Secunia Security Advisory – Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
Secunia Security Advisory 47856 Secunia Security Advisory – A vulnerability with an unknown impact has been reported in Skype.
Secunia Security Advisory 47859 Secunia Security Advisory – A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
Secunia Security Advisory 47851 Secunia Security Advisory – A vulnerability has been reported in the Forward module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory 47806 Secunia Security Advisory – A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 47846 Secunia Security Advisory – Red Hat has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory 47817 Secunia Security Advisory – Red Hat has issued an update for ghostscript. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user’s system.
Secunia Security Advisory 47813 Secunia Security Advisory – Red Hat has issued an update for php53. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 47847 Secunia Security Advisory – A weakness and two vulnerabilities have been reported in Joomla!, which can be exploited by malicious users and malicious people to disclose sensitive information.
Secunia Security Advisory 47849 Secunia Security Advisory – Sony has discovered multiple vulnerabilities in Foswiki, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory 47824 Secunia Security Advisory – Red Hat has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 47801 Secunia Security Advisory – Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 47870 Secunia Security Advisory – A vulnerability has been discovered in the WP-RecentComments plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory 47788 Secunia Security Advisory – Debian has issued an update for iceweasel. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user’s system.
Secunia Security Advisory 47794 Secunia Security Advisory – Debian has issued an update for tomcat6. This fixes multiple weakness, two security issues, and multiple vulnerabilities, which can be exploited by malicious, local users and malicious people to disclose sensitive information, bypass certain security restrictions, or caus. […]

Bugtraq

[ MDVSA-2012:013 ] mozilla Posted by security on Feb 03 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:013 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mozilla Date : February 3, 2012 Aff. […]
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability Posted by Security_Alert on Feb 03ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability. EMC Identifier: ESA-2012-010 EMC Identifier: SRCH-7949 CVE Identifier: CVE-2012-0396 Severity Rating: CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) Affected products: EMC SW: EMC Docume. […]
RFC 6528 on Defending against Sequence Number Attacks Posted by Fernando Gont on Feb 03Folks, FYI. (the RFC is available at: ) A new Request for Comments is now available in online RFC libraries. RFC 6528 Title: Defending against Sequence Number Attacks Author: F. Gont, S. Bellovin Status: Standards Track Stre. […]
[SECURITY] [DSA 2403-1] php5 security update Posted by Thijs Kinkhorst on Feb 03————————————————————————- Debian Security Advisory DSA-2403-1 security () debian org http://www.debian.org/security/ Thijs Kinkhorst February 02, 2012 http://www.debian.org/security/faq ——————————-. […]
[SECURITY] [DSA 2402-1] iceape security update Posted by Moritz Muehlenhoff on Feb 03————————————————————————- Debian Security Advisory DSA-2402-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff February 02, 2012 http://www.debian.org/security/faq ————————-. […]
[SECURITY] [DSA 2400-1] iceweasel security update Posted by Moritz Muehlenhoff on Feb 03————————————————————————- Debian Security Advisory DSA-2400-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff February 02, 2012 http://www.debian.org/security/faq ————————-. […]
[SECURITY] [DSA 2401-1] tomcat6 security update Posted by Moritz Muehlenhoff on Feb 03————————————————————————- Debian Security Advisory DSA-2401-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff February 02, 2012 http://www.debian.org/security/faq ————————-. […]
[security bulletin] HPSBGN02740 SSRT100741 rev.1 – HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code Posted by security-alert on Feb 03SUPPORT COMMUNICATION – SECURITY BULLETIN Document ID: c03179825 Version: 1 HPSBGN02740 SSRT100741 rev.1 – HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitra. […]
GLSA (Gentoo Linux Security Advisory) publication changes Posted by Alex Legler on Feb 02Like other Linux distribution vendors, Gentoo is currently CC'ing advisories to the full-disclosure and bugtraq mailing lists. Starting today, we will be *no longer* publishing our advisories to full- disclosure or bugtraq. We are following our colleagues at Ubunt. […]
[security bulletin] HPSBMU02739 SSRT100280 rev.1 – HP Data Protector Media Operations, Remote Execution of Arbitrary Code Posted by security-alert on Feb 02SUPPORT COMMUNICATION – SECURITY BULLETIN Document ID: c03179046 Version: 1 HPSBMU02739 SSRT100280 rev.1 – HP Data Protector Media Operations, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possib. […]
[CAL-2012-0004] opera array integer overflow Posted by Code Audit Labs on Feb 02CAL-2012-0004 opera array integer overflow 1 Affected Products ================= 11.60 and prior 2 Vulnerability Details ===================== Code Audit Labs http://www.vulnhunt.com has discovered a integer overflow vulnerability in array functions like Int32Array. […]
Fwd: RA-Guard: Advice on the implementation (feedback requested) Posted by Fernando Gont on Feb 02Folks, We have talked about this one quite a few times (including ). — still, most implementations remain broken. If you care to get this fixed, please provide feedback about this I-D on t. […]
Call For Paper Posted by asemailing on Feb 02CALL FOR PAPER 2012 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust Amsterdam, The Netherlands, September 3-6, 2012 WebSite: http://www.asesite.org/conferences/PASSAT/2012/ Workshop Proposal Submission Deadline: March 1, 2012 Paper Submission Dea. […]
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 Posted by Apple Product Security on Feb 02APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact. […]
[ MDVSA-2012:012 ] apache Posted by security on Feb 02 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:012 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : February 2, 2012 Affe. […]

SecurityFocus Vulnerabilities

Unofficial Secunia Security Advisories

[2/5] 2X ApplicationServer TuxSystem ActiveX Control "ExportSettings()" Insecure Method Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data. http://secunia.com/advisories/47657/
[3/5] DotNetNuke Multiple Vulnerabilities A weakness and two vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to enumerate files on an affected system and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. http://secunia.com/advisories/47872/
[2/5] Foswiki Multiple Script Insertion Vulnerabilities Sony has discovered multiple vulnerabilities in Foswiki, which can be exploited by malicious users to conduct script insertion attacks. http://secunia.com/advisories/47849/
[2/5] Joomla! Multiple Information Disclosure Vulnerabilities A weakness and two vulnerabilities have been reported in Joomla!, which can be exploited by malicious users and malicious people to disclose sensitive information. http://secunia.com/advisories/47847/
[3/5] TYPO3 RTG Files Extension Two Vulnerabilities Two vulnerabilities have been reported in the RTG Files extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. http://secunia.com/advisories/47842/
[3/5] Sphinx Mobile Web Server "comment" Blog Comment Script Insertion Vulnerability Prabhu S Angadi has discovered a vulnerability in Sphinx Mobile Web Server, which can be exploited by malicious people to conduct script insertion attacks. http://secunia.com/advisories/47876/
[2/5] Red Hat update for JBoss Enterprise Portal Platform Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions,. […]
[4/5] Debian update for php5 Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/47801/
[3/5] Debian update for tomcat6 Debian has issued an update for tomcat6. This fixes multiple weakness, two security issues, and multiple vulnerabilities, which can be exploited by malicious, local users and malicious people to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service).. […]
[4/5] Debian update for iceweasel Debian has issued an update for iceweasel. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user’s system. http://secunia.com/advisories/47788/
[4/5] Debian update for iceape Debian has issued an update for iceape. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user’s system. http://secunia.com/advisories/47770/
[4/5] Red Hat update for php53 Red Hat has issued an update for php53. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/47813/
[3/5] Red Hat update for ghostscript Red Hat has issued an update for ghostscript. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user’s system. http://secunia.com/advisories/47817/
[3/5] Red Hat update for ghostscript Red Hat has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). http://secunia.com/advisories/47846/
[4/5] PHP "php_register_variable_ex()" Code Execution Vulnerability A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/47806/
[3/5] Skype Unspecified Vulnerability A vulnerability with an unknown impact has been reported in Skype. http://secunia.com/advisories/47856/

Security Videos & Podcasts

SecurityTube.Net

PaulDotCom

Risky Business

Other Stuff

Hack a Day

Announcement: SCADA Security Conference
Oil & Gas Cyber Security Forum

Includes hacking demonstrations, stuxnet, and more.
Takes place on Monday 21st and Tuesday 22nd November at the Copthorne Tara Hotel in London.

Files ≈ Packet Storm

DNS Service Oriented DoS / DDoS Attacks Whitepaper called DNS Service Oriented Denial of Service / Distributed Denial of Service Attacks. Written in Turkish.
Analysis Of A MIDI Remote Code Execution Vulnerability This whitepaper analyzes the MIDI remote code execution vulnerability found in the Windows Multimedia Library. Written in Turkish.
PHP 5.4.0RC6 Denial Of Service PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.
Edraw Diagram Component 5 Active-X Buffer Overflow Edraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
Mobile Based MITM Attack This is a brief whitepaper discussing how to set up QT Mobile Hotspot and YAMAS applications to man in the middle connections using your phone.
ObjectLabs Forum Systems SQL Injection ObjectLabs Forum System suffers from a remote SQL injection vulnerability.
Conduit Wibiya Toolbar Persistent Cross Site Scripting Conduit Wibiya Toolbar suffers from a persistent cross site scripting vulnerability.
XWiki Enterprise 3.4 Cross Site Scripting XWiki Enterprise version 3.4 suffers from a cross site scripting vulnerability.
InsideChannel Web Design SQL Injection InsideChannel Web Design suffers from a remote SQL injection vulnerability.
Viper Network Sniffer Script This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
Zanjan Azad University SQL Injection Zanjan Azad University suffers from a remote SQL injection vulnerability.
Debian Security Advisory 2384-2 Debian Linux Security Advisory 2384-2 – It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.
Mandriva Linux Security Advisory 2012-013 Mandriva Linux Security Advisory 2012-013 – Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote atta. […]
Ubuntu Security Notice USN-1355-1 Ubuntu Security Notice 1355-1 – It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processi. […]
Ubuntu Security Notice USN-1355-2 Ubuntu Security Notice 1355-2 – USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permiss. […]
Ubuntu Security Notice USN-1355-3 Ubuntu Security Notice 1355-3 – USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect p. […]

Files ≈ Packet Storm

DNS Service Oriented DoS / DDoS Attacks Whitepaper called DNS Service Oriented Denial of Service / Distributed Denial of Service Attacks. Written in Turkish.
Analysis Of A MIDI Remote Code Execution Vulnerability This whitepaper analyzes the MIDI remote code execution vulnerability found in the Windows Multimedia Library. Written in Turkish.
PHP 5.4.0RC6 Denial Of Service PHP version 5.4.0RC6 64-bit denial of service proof of concept exploit.
Edraw Diagram Component 5 Active-X Buffer Overflow Edraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
Mobile Based MITM Attack This is a brief whitepaper discussing how to set up QT Mobile Hotspot and YAMAS applications to man in the middle connections using your phone.
ObjectLabs Forum Systems SQL Injection ObjectLabs Forum System suffers from a remote SQL injection vulnerability.
Conduit Wibiya Toolbar Persistent Cross Site Scripting Conduit Wibiya Toolbar suffers from a persistent cross site scripting vulnerability.
XWiki Enterprise 3.4 Cross Site Scripting XWiki Enterprise version 3.4 suffers from a cross site scripting vulnerability.
InsideChannel Web Design SQL Injection InsideChannel Web Design suffers from a remote SQL injection vulnerability.
Viper Network Sniffer Script This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
Zanjan Azad University SQL Injection Zanjan Azad University suffers from a remote SQL injection vulnerability.
Debian Security Advisory 2384-2 Debian Linux Security Advisory 2384-2 – It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.
Mandriva Linux Security Advisory 2012-013 Mandriva Linux Security Advisory 2012-013 – Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote atta. […]
Ubuntu Security Notice USN-1355-1 Ubuntu Security Notice 1355-1 – It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processi. […]
Ubuntu Security Notice USN-1355-2 Ubuntu Security Notice 1355-2 – USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permiss. […]
Ubuntu Security Notice USN-1355-3 Ubuntu Security Notice 1355-3 – USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect p. […]

Security Blogs

Security Bloggers Network SSCC 82 – Sophos Security Threat Report, DMARC and mobile phone number leaks BITS Software Assurance Framework Not blending in with the furniture – CISO becoming a capable catalyst Easy Directory Traversal with Burp SOURCE Boston 2012 News! (IN)SECURE. February. 2012 Moyles’ Muppet Montage Principia Notitia Securitatem, Fred Piper, Ph.D. Best of the week – 5 febbraio 2012 Links for 2012-02-04 [del.icio.us] Finding Evil: Automating Autoruns Analysis DNS Changer infrastructure shutdown is a good thing Sonicwall netExtender on ubuntu x64 missing libssl or libcrypto Clarifying The Trustwave CA Policy Update Blending in with the furniture – responsibility vs capability in the CISO role Publish and/or perish	Schneier on Security Friday Squid Blogging: Clothing that Keeps an Exercise Journal The Problems of Too Much Information Sharing VeriSign Hacked, Successfully and Repeatedly, in 2010 Prisons in the U.S. The Idaho Loophole Possibly the Most Incompetent TSA Story Yet Biases in Forensic Science Liars and Outliers Update British Tourists Arrested in the U.S. for Tweeting The Nature of Cyberwar Password Sharing Among American Teenagers Evidence on the Effectiveness of Terrorism	LinuxSecurity.com – Latest News Kernel guru Greg Kroah-Hartman joins Linux Foundation Critical PHP vulnerability being fixed – Update Mozilla releases Firefox 10 browser with nine security fixes Public Wi-Fi not as secure as you think ‘Anonymous’ hackers intercept conversation between FBI and Scotland Yard VeriSign 2010 Hack: DNS Data Theft A Possibility Report: Kelihos botnet making a comeback RFID Credit Cards Are Easy Prey for Hackers 4 Ways to Prevent Domain Name Hijacking Hacking Made Easy Supreme Court of Sweden Upholds Pirate Bay Prison Sentences Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey
TaoSecurity Impressions: Network Warrior, 2nd Ed Impressions: Windows Sysinternals Administrator’s Reference Impressions: The Tangled Web The Toughest Question in Digital Security Best Book Bejtlich Read in 2011 Telling a Security Story with Charts Happy 9th Birthday TaoSecurity Blog Mandiant Webinar Wednesday; Help Us Break a Record! Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security" Become a Hunter National Public Radio Talks Chinese Digital Espionage Dustin Webber Creates Network Security Monitoring with Siri Trying NetworkMiner Professional 1.2 Thoughts on 2011 ONCIX Report Tao of Network Security Monitoring, Kindle Edition Why DIARMF, "Continuous Monitoring," and other FISMA-isms Fail	SecuriTeam Blogs Publish and/or perish Give someone enough rope … REVEIW: “Zero Day”, David Baldacci Certified security awareness New computers – Kindle – Ebooks and education Corporate social media rules DLP New computers – Kindle – Books (part 1) 2nd Annual Cyber Security China 2012 New computers – Kindle – More Encounters New computers – Kindle – BC Libraries “Zero Day”, Mark Russinovich Who’s Who phish New computers – Kindle – operation First big break-in of the year New computers – Kindle – net	Offensive Computing – Community Malicious code research and analysis CAST Slides: Hunting malware with Volatility v2.0 The WOW-Effect: Imho something the IT-Security community should be aware of … Introduction to IDA Python CSI:Internet series – Spyeye detection with Volatility v2 and kernel debugging the TDL4 rootkit Stealthy Profiling and Debugging of Malware Three Million Samples MeMMon – A Light Weight Process Memory Scanner Releasing PDF X-RAY PoC XMPP Bot C&C using Google Talk (video) Reversing TDSS: The x64 Dollar Question
Darknet – The Darkside theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool Super Powered Malware Sandwiches Found In The Wild – Frankenmalware Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items Sprint Adds Google Wallet Into New NFC Capable Phones Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details Patator – Multi Purpose Brute Forcing Tool US Subway Stores POS Hacked For $3Million Dollars Social Engineering Vulnerability Evaluation and Recommendation Project Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages	The Dark Visitor Unnatural Selection by Mara Hvistendahl Unemployed PRC prick hacks TV contestants’ webcams (RSA tokens probably not involved) Word cloud and Word document for 2011 White Paper on National Defense FBI: $11 million worth of unauthorized wire transfers to China The online “Water Army” Chinese hackers bringing the world together Shock: Chinese hackers not supporting the Jasmine Revolution China’s White Paper on National Defense 2010 Chinese hackers suspected in compromise of Australian PM’s computer South Korean firms paying Chinese hackers	WhiteHat Security Blog Who Would Want to Take Down the Internet? Who are WhiteHat Security’s competitors? — It’s not who you think Cross-Site Request…Framing? sIFR3 Remote Code Execution My First CSRF The Anywhere Internet and the Nowhere Security Who Has Your Credentials? The Ubiquitousness of Web apps and the Browsers Who Love Them Web Browser — The Single Most Important [Online] Security Decision You Make Follow the Bouncing File Upload
cr0 blog Javocalypse There’s a party at Ring0, and you’re invited CVE-2010-0232: Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Virtualization security and the Intel privilege model CVE-2009-2267: Mishandled exception on page fault in VMware Security in Depth for Linux Software CVE-2009-2793: Iret #GP on pre-commit handling failure: the NetBSD case CVE-2009-2698: udp_sendmsg() vulnerability Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692) Old school local root vulnerability in pulseaudio (CVE-2009-1894) Bypassing Linux’ NULL pointer dereference exploit prevention (mmap_min_addr) Time-stamp counter disabling oddities in the Linux kernel Write once, own everyone, Java deserialization issues Local bypass of Linux ASLR through /proc information leaks Interesting vulnerability in udevd 26	HITBSecNews – Keeping Knowledge Free for Over a Decade EFF ready to sue if "innocent customers" can’t get Megaupload data back AMD sets out its plans for 2013, hints at a possible ARM future Xbox Live Bans User For Getting Hacked VeriSign admits multiple hacks in 2010, keeps details under wraps Facebook IPO decoded: An at a glance look at the numbers behind Facebook’s big reveal HITBSecConf2012 – Amsterdam brings new hackathon, Capture The Flag and keynotes by Bruce Schneier and Andy Ellis Intel Invests In Web Security Startup Solera Networks Basics of embedded firewalls – Exploding the myths Sarah Palin hacker loses appeal against evidence deletion Angry Birds boss: Piracy helps us ‘get more business’ Intrusion detection offered as cloud package by Metaflows Student privacy activists due to meet with Facebook Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit 10 SharePoint Security Mistakes You Probably Make Banking Trojan breaks captcha to spread bot Porn app hides Trojan to target Android smartphones warns F-Secure	GNUCITIZEN Well Websecurify Runs on The iPhone Stuxnet Having fun with BeEF, the browser exploitation framework ColdFusion directory traversal FAQ (CVE-2010-2861) 1ST European Edition of HITB Coming Up! Hacking Linksys IP Cameras (pt 6) Dnsmap v0.30 is now out! Old-school Remote Command Exec Vulnerabilities on Avaya Intuity Skydive Free Web Application Security Testing Tool Of Sec Cons and Magstripe Gift Cards CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept Hacking Linksys IP Cameras (pt 5) Breaking Into a Home With an iPhone Extensions at War Exploit Sweatshop

The Ethical Hacker Network RSS News Feed

Carnal0wnage & Attack Research Blog

Daily Dave

ha.ckers.org web application security lab

Security4all – Dedicated to digital security, enterprise 2.0 and presentation skills

Rapid7 Community : Blog List – Metasploit

DVLabs: Blogs

The RISKS Digest

Post Politics: Breaking Politics News, Political Analysis & More – The Washington Post

Microsoft Security Advisories

MSRC

January 2012 Security Bulletin Webcast Q&A Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded nine questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to ans. […]
January 2012 Security Bulletins Released Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft pro. […]
January 2012 ANS is released Hello. Today we’re releasing our advance notification for the January security bulletin release, which is scheduled for Tuesday, January 10. This month’s release includes seven bulletins addressing eight vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software. As always,. […]
December 2011 Out-Of-Band Bulletin Release: Q&A and Webcast Hello, Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page. We fielded 41 questions on the subject of MS11-100 . There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. […]
December 2011 Out-Of-Band Security Bulletin Webcast Q&A Hosts: Jonathan Ness, Security Development Manager, MSRC Pete Voss, Sr. Response Communications Manager, Trustworthy Computing Website: TechNet/Security Chat Topic: December 2011 Out-Of-Band Security. […]
Microsoft releases MS11-100 for Security Advisory 2659883 Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported ver. […]
Advanced Notification for out-of-band release to address Security Advisory 2659883 Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and. […]
Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .N. […]
December 2011 Bulletin Release Q&A and Slide Deck Hello, Today we published the December Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the s. […]
December 2011 Security Bulletin Webcast Q&A Hosts: Jonathan Ness, Security Development Manager, MSRC Jerry Bryant, Group Manager, Trustworthy Computing Communications Website: TechNet/Security Chat Topic: December 2011 Security Bulletin Release Date:. […]
A look back at 2011’s security landscape Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we’re providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However, since this is the las. […]
The December bulletins are released Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important. These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft pro. […]
News from MAPP, and Advance Notification Service for the December 2011 Bulletin Release Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisorie. […]
Microsoft releases Security Advisory 2641690, updates Untrusted Certificate Store Hi everyone, As a follow-up to Friday’s blog post, today we released Security Advisory 2641690 to notify customers that we revoked the trust of DigiCert Sdn.Bhd in an update that moves two Intermediate Certificate Authorities (CA) certificates to the Microsoft Untrusted Certificate Store. We made. […]
Microsoft hosts BlueHatv11, releases four bulletins Hello, On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured pres. […]
Microsoft releases Security Advisory 2639658 Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring. […]

Microsoft Sec Notification

Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Feb 01******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: February 1, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 27******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 27, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 24******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 24, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 18******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 18, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 17******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 17, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 16******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 16, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Re-Releases Posted by Microsoft on Jan 11******************************************************************** Title: Microsoft Security Bulletin Re-Releases Issued: January 11, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a majo. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 11******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 11, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Summary for January 2012 Posted by Microsoft on Jan 10******************************************************************** Microsoft Security Bulletin Summary for January 2012 Issued: January 10, 2012 ******************************************************************** This bulletin summary lists security bulletins released. […]
Microsoft Security Advisory Notification Posted by Microsoft on Jan 10******************************************************************** Title: Microsoft Security Advisory Notification Issued: January 10, 2012 ******************************************************************** Security Advisories Updated or Released Today ==============. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jan 10******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: January 10, 2012 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Bulletin Advance Notification for January 2012 Posted by Microsoft on Jan 08******************************************************************** Microsoft Security Bulletin Advance Notification for January 2012 Issued: January 5, 2012 ******************************************************************** This is an advance notification of security. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Dec 30******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: December 30, 2011 ******************************************************************** Summary ======= The following bulletins have undergone a. […]
Microsoft Security Advisory Notification Posted by Microsoft on Dec 29******************************************************************** Title: Microsoft Security Advisory Notification Issued: December 29, 2011 ******************************************************************** Security Advisories Updated or Released Today =============. […]
Microsoft Security Bulletin Summary for December 2011 Posted by Microsoft on Dec 29******************************************************************** Microsoft Security Bulletin Summary for December 2011 Issued: December 29, 2011 ******************************************************************** This bulletin summary lists an out-of-band security b. […]