Security News

The finest blend of the latest IT security news headlines, updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools

Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff

Security Blogs
Microsoft Security Advisories
Mailing Lists

Bookmark + Share

Colour scheme

IT Security News

Packet Storm Security Headlines Check Counterfeiting Using Botnets And Money Mules Momentum Building For Federal Online Privacy Rules Exclusive Sneak Peek – DefCon Ninja Party Badge Slovenia IDs, Arrests Mariposa Botnet Creator Adobe Fights Exploits With MAPPs Hackers To Flock To Black Hat, Defcon This Week Wireless Network Security Weakness To Demo At Defcon Hackers To Get Eavesdropping Lessons On Cell Calls Bug Reporting Could Be A Hot Topic At Black Hat Citi iPhone App Flaw Raises Questions Of Mobile Security Zeus Bot Latches Onto Windows Shortcut Security Hole Transcript – Wikileaks Afghanistan Docs Alarming	The Register – Security Cell phone eavesdropping enters script-kiddie phase NoScript 2.0 beefs border patrol Armed with exploits, ATM hacker hits the jackpot Scareware victims seldom fight back Adobe fights exploits with MAPPs Tight-lipped Apple fixes Safari autosnoop bug Smart meters pose hacker kill-switch risk, warn boffins Reboot key Brit ‘ready to save internet’ Mariposa mastermind arrested in Slovenia Russian gang uses botnets to automate check counterfeiting Wireless network security weakness to demo at DEFCON Aussie hacker pleads guilty to banking Trojan scam Zeus bot latches onto Windows shortcut security hole Opening UK cyber-security challenge cracked Battle joined for future of open source IPS Minister calls for more cyber security experts	Security Bloggers Network The List of Apple Trackpad Gestures Day one at SecurityBSides Las Vegas Black Hat 2010 Alleged Mariposa Botnet Author Nabbed [BSidesLV] Fierce v2 Turning an ATM into a Slot Machine [BSidesLV] Fuck Tools Dead Men Tell No Tales, but Smart Phones Tell All Network Automation is Inevitable Itsecuriteer in twitter [BSidesLV] ExploitHub: Arming the Pen Testers to Plug the Holes [BSidesLV] Building Bridges: Forcing Hackers and Business to “Hug it Out” Contrary to Recent Assertions – Snort 2.9 beta has been released, and it’s awesome.. Security was not really the issue in LA/Google [BSidesLV] Multi-Player MetaSploit Business logic abuse against Yahoo
SANS Internet Storm Center, InfoCON: green Infocon: green The 2010 Verizon Data Breach Report is Out, (Thu, Jul 29th) Apple Releases Safari 4.1.1 and 5.0.1 addressing several vulnerabilities. http://support.apple.com/kb/HT4276, (Wed, Jul 28th) Oracle announced GNOME Display Manager password disclosure weakness, (Wed, Jul 28th) Responsible Disclosure or Full Disclosure?, (Tue, Jul 27th) Google releases Chrome 5.0.375.125 to fix security bugs, more at http://googlechromereleases.blogspot.com, (Tue, Jul 27th) SophosLabs Released Free Tool to Validate Microsoft Shortcut, (Mon, Jul 26th) Updated version of Mandiant’s Web Historian, (Sun, Jul 25th) Transmiting logon information unsecured in the network, (Sat, Jul 24th) Mozilla advisory for Firefox…Upgrade to 3.6.8. http://www.mozilla.org/security/announce/2010/mfsa2010-48.html, (Sun, Jul 25th)	SecurityFocus News News: Change in Focus News: Twitter attacker had proper credentials News: PhotoDNA scans images for child abuse News: Conficker data highlights infected networks Brief: Google offers bounty on browser bugs Brief: Cyberattacks from U.S. "greatest concern" Brief: Microsoft patches as fraudsters target IE flaw Brief: Attack on IE 0-day refined by researchers News: Monster botnet held 800,000 people’s details News: Google: ‘no timetable’ on China talks News: Latvian hacker tweets hard on banking whistle News: MS uses court order to take out Waledac botnet Infocus: Enterprise Intrusion Analysis, Part One Infocus: Responding to a Brute Force SSH Attack Infocus: Data Recovery on Linux and ext3 Infocus: WiMax: Just Another Security Challenge?	[ISN] InfoSec News Mailing List Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia Security researcher demonstrates ATM hacking DHS official fields hard questions at Black Hat Android wallpaper app that steals your data was downloaded by millions BlackBerry agrees to address India’s security concerns: MHA One Breach = $1 Million To $53 Million In Damages Per Year, Report Says Black Hat too commercial for you? Black Hat: Mobile Flaws Get Attention [Dataloss Weekly Summary] Week of Sunday, July 18, 2010 39 IOS unveils advanced cyber schoolhouse addition Call for Chapter Proposals MoD loses a staggering 340 laptop computers in TWO YEARS…and most of them were not encrypted CfP: WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010) – Deadline Extended! Police called over pizza hack Wikileaks releases massive set of Afghan war files Microsoft: No plans to pay for security vulnerabilities
CNET News – Security Expert: Critical system flaws a ‘ticking time bomb’ Black Hat shines light on security (roundup) Security researcher demonstrates ATM hacking Adobe to follow Microsoft plan of sharing security info Check counterfeiting using botnets and money mules Report: Most data breaches tied to organized crime Tabs get tweaked in Firefox 4 beta 2 Juniper Networks to acquire SMobile Systems App Genome Project eyes iPhone, Android security Hackers to flock to Black Hat, Defcon this week	IT Security The mystical world of data center fire suppression WPA/WPA2 encryption: A possible workaround Knowledgeable humans are still the best spam filters Welcome to the future: cloud-based WPA cracking is here User IDs and passwords: Equally important for access security Profiling and categorizing cybercriminals Security hyenas and the abuse of the word ‘terrorist’ How much security is enough? Understanding the market for buggy software: Complexity blurs line between bugs and features Have you heard the one about the 21st century Russian spy ring?	Do you <3 the security news? Then help us get more links by bookmarking us on sites like digg, delicious, etc.
Regular Security News
hacking – Google News Hacking can make more than 100m Facebook identities public – Siliconrepublic.com Microsoft Goes Protective with Windows 7 Phone – Windy City Strategies (blog) Recreation director’s e-mail gets hacked overseas – NorthJersey.com Security researcher demonstrates ATM hacking – CNET Open source hack aids mobile phone snooping – Inquirer A curtain raiser: Black hat and Defcon hacking conferences – White Hat News Study finds more data breaches are inside jobs – San Francisco Chronicle iPhone hacking becomes legalized – Pittsburgh Post Gazette Motorola Droid X gets one-click root; Let the hack-fest begin – IntoMobile (blog) Hacking iPhones, games legal in US under DMCA revisions – Destructoid	computer security – Google News Details of 100 million Facebook users leaked online – The Hindu 360° Protection Now Delivering Computer Wiring Services Across New York City – PR.com (press release) BitDefender’s 2010 Security Trends – Arab Times Bunker-busting ATM attacks show security holes – The Associated Press Private Security Firms Help FBI Bring Down Cybercriminals – Hacker Arrested in … – PR Newswire (press release) Sophos releases "Windows Shortcut Exploit Protection Tool" – ZDNet (blog) Symantec reports first-quarter profit of $161 million – San Jose Mercury News DHS Exec Takes Hard Questions on Cybersecurity – PC World Software rivals turning to allies to battle cyber crime – AFP Ex-CIA director will speak at Black Hat – Inquirer	Threat Level Researcher Demonstrates ATM ‘Jackpotting’ at Black Hat Conference Court Says Privacy Advocate May Publish Social Security Numbers Exclusive Sneak Peek: DefCon Ninja Party Badge Ukrainian Carding King ‘Maksik’ Was Lured to Arrest Second Student Sues School District Over Webcam Spying Privacy Lawsuit Targets Net Giants Over ‘Zombie’ Cookies Pentagon Says Bradley Manning a Possible Suspect in Afghan Leak U.S. Declares iPhone Jailbreaking Legal, Over Apple’s Objections Wikileaks Releases Stunning Afghan War Logs — Is Iraq Next? Handgun-Wielding Darth Vader Robs Bank
Social Media
Reddit network security Dear NetSec, share with me your clients from hell. 800,000 Personal Data Possibly Missing From S. Weymouth (MA) Hospital - Security researcher demonstrates ATM hacking "Leaked" data of 100M Facebook users came from public info Turning an ATM into a Slot Machine Photos from Barnaby Jack ATM Hacking Demo at Black Hat Today! Blackhat – ATM Hack Kill switch quandry: should president have power to turn off Internet New Zealand pizza lovers suffer information theft from Hell How is google clickjacking? Most companies suffering breaches missed obvious signs of employee misconduct DefCon Meetup Round 3 Rogue AV Masquerades as a Firefox/Flash Update This botnet based check-counterfeiting scam only netted $65K but to me it’s like a work of art. Security Tool Virus now trying to hack Firefox users with Flash update Check fraudsters target job seekers with slick money mule cash checking offer	digg.com: Stories / Security / Popular Why WikiLeaks Is The Pirate Bay of Political Intelligence Student Webcam Spy Scandal Broadens Privacy Suit Targets Net Giants Over ‘Zombie’ Cookies US security chiefs tricked in social networking experiment Hole-y WiFi! WPA2 vulnerability found Certified Lies: Big Brother In Your Browser Australian Governments Secret Plans To Spy On Web Surfers RapidShare Scores Another Win Against Movie Studio "Could a single hacker crash a country’s network Accused spyware sender: I’m too good to have gotten caught Vendor Inaction Leads Researcher to Disclose Safari, IE flaw Adobe Reader ‘Sandbox’ Boosts PDF Security Is ubiquitous encryption technology on the horizon? Cyberwarrior Shortage Threatens U.S. Security Windows token kidnapping returns to haunt Microsoft Court Bans The Pirate Bay From The Netherlands	digg.com: Stories / Security / Upcoming Removable media control and USB encryption – lessons learned What your phone app doesn’t say: It’s watching Remove Downloader-CJX.gen.a or Worm.Win32.VBNA.aiuj virus Tips to avoid ATM fraud at home and abroad Warning & examples Scam emails Download Facebook Users Profiles Leaked online 100 Million Facebook Pages Leaked on Torrents Profiles of 100 mn Facebook users leaked online How to retrieve a lost Windows XP user Login password iPhone Jailbreaking: Legal, but Dangerous Security provide by Alarm System Camera Security Now Blog: Parking Lot Security Cameras Cell Plugin: Mobiletracker for Blackberry 8800 and Blackberr Fake Firefox Update Minimizing risks in uncertain times British information commissioner said Google wi-fi not impac
Delicious/tag/security Google Online Security Blog Dr.Web CureIt! — download free anti-virus! Cure viruses, Best free anti-virus scanner! How to Setup Your Own Web Proxy Server For Free with Google App Engine [Video Tutorial] Wifislax – Inicios – presentación Wifislax Android wallpaper app that steals your data was downloaded by millions \| VentureBeat Privacy Lawsuit Targets Net Giants Over ‘Zombie’ Cookies \| Threat Level \| Wired.com 100 million Facebook user pages end up on a torrent site. NIST.gov – Computer Security Division – Computer Security Resource Center how-twitter-got-attacked-by-ddos.jpg (JPEG Image, 710×434 pixels) ComboFix \| freeware inSSIDer Wi-Fi Scanner \| MetaGeek Details of 100m Facebook users collected and published Researcher Releases Facebook Profile Data – Bits Blog – NYTimes.com Hackers With Enigmatic Motives Vex Companies – NYTimes.com 35 Security Plugins to Make Your WordPress Bulletproof	Delicious/tag/hacking Wifislax – Inicios – presentación Wifislax The Reverse Code Engineering Community • Index page Damn Vulnerable Linux – The most vulnerable and exploitable operating system ever! Hackers With Enigmatic Motives Vex Companies – NYTimes.com Сниффер витой пары из Wi-Fi роутера / Хабрахабр Detect Hacking attempts with Google Analytics \| Seer Interactive SEO Blog Steganography and Piracy in the Age of Digital Distribution — Zachary Burt’s Blog Security Blog \| Arbor Networks \|Security to the Core US Copyright Office Allows Jailbreaking All about iPhone [OS \| Apps \| Tricks \| Tips]: Fix ultrasn0w repo error in Cydia Hackspace BlackHat-USA-2010-Jack-JackpottingATM-video.m4v (video/x-m4v Object) 15 Developer/Hacker Women to Follow on Twitter Index of /content/downloads/pdf Top 40 Arduino Projects of the Web \| Hack N Mod	Delicious/tag/encryption extcv \| Download extcv software for free at SourceForge.net roner70: Ubuntu 10.04 Alternate installation (encrypted LVM setup) EncFS — Википедия Installing Ubuntu 8.04 with full disk encryption « Learning in Linux Yubico TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux Privacy and the Indian Constitution: A Case Study of Encryption What is a Digital Signature? GNU Privacy Guard – Wikipedia, the free encyclopedia Diceware OpenVPN GUI for Windows GPGServices GPGMail – PGP for Apple Mail GRC \| Ultra High Security Password Generator xkcd: Cryptography
Slashdot: Your Rights Online FTC Wants Browsers To Block Online Tracking ASCAP Refuses To Debate Lessig Commission Affirms NVIDIA Violated Rambus Patents UK Courts Rule Nintendo DS R4 Cards Illegal Tennessee Town Releases Red Light Camera Stats What To Do About CC License Violations? DMCA Exemptions Don’t Matter If You Don’t Want Your Car Stolen, Make It Pink Rambus Could Reap Millions In Patent Settlements Lawsuit Hits Companies Using ‘Zombie’ Flash Cookies Rogue Anti-Virus Victims Rarely Fight Back LA’s Move To Google Apps Slows As "Apps For Gov’t." Announced Free Software, a Matter of Life and Death Google Nabs Patent To Monitor Your Cursor Movement Chatroulette To Log IP Addresses, Take Screenshots	Got any bright ideas about what to put here?	I’m sure you can think of something with an rss feed

Tools

Packet Storm Security Tools

AdminLoginFinder.tar.gz AdminLoginFnder is a perl script that scans webservers for administrative login / control panel sections.
fbruteforcer.py.txt This is a simple Facebook bruteforcing script that makes use of the Python Mechanize module and a wordlist.
stackbf.c Stack bruteforcing utility against buffer overflow programs with ASLR. Provides polymorphic shellcode for /bin/sh.
fuzzdiff.py.txt FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively un-fuzz portions of the fuzzed file while re-. […]
dff-0.7.0-src.tar.gz DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
RewriteProxy.tar.gz RewriteProxy is a small python tool that is based on the twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified flash and java-applets.
watobo_0.9.2rev149.zip WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning. […]
PHPJackal.php.gz PHPJackal is a PHP script that can be used to manage files, perform safemode bypass, has crackers built-in, various network scanners and more.
skipfish-1.52b.tgz Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
webenum-0.1.py.gz WebEnum is a tool to enumerate http responses to dynamically generated queries. It is a flexible universal tool to perform penetration testing on web servers. It’s useful for guessing resource names and columns size in SQL injection, bruteforce web accounts and passwords, discovery web directories a. […]

CNET Download.com Security Software New Releases

Panda Virus Signature File 07/29/10 – Get recent virus signature file.
MultiSafe 07/29/10 – Combine single password encryption with password managing into one powerful protection application.
Ad-Aware Anniversary Edition Definition File 07/28/10 – Update your Ad-Aware definition file to the latest release.
Password Depot U3 Edition 07/28/10 – Protects your confidential passwords from external access.
Trend Micro Virus Controlled Pattern File 07/28/10 – Get updated virus pattern files.
Password Depot 07/28/10 – Protects your confidential passwords from external access.
Symantec Norton AntiVirus Virus Definition 07/28/10 – Get the latest virus definition file.
McAfee VirusScan Definition 07/28/10 – Get the latest antivirus updates.
Norton AntiVirus Definitions Update (x86 Package) 07/28/10 – Update Norton AntiVirus virus definitions and antivirus products of multiple versions.
Norton AntiVirus Definitions Update (i32 Package) 07/28/10 – Update Norton virus definitions and antivirus products.

Exploits

Packet Storm Security Exploits

uplusftp-overflow.txt UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit.
symantecams-flaw.txt Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.
jira-xss.txt Jira version 4.0.1 suffers from a cross site scripting vulnerability.
zemana-escalate.txt Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability.
ceteraecommerce-sqlxss.txt Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
apachetomcat-traversal.txt UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.
joomlaphotomapgallery-sql.txt Joomla PhotoMap Gallery version 1.6.0 suffers from multiple remote blind SQL injection vulnerabilities.
avarcade-insecure.txt AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.
nubuilder-rfi.txt nuBuilder version 10.04.x suffers from a remote file inclusion vulnerability.
punbbpunpm-sql.txt PunBB versions 1.3.x and below with Pun_PM versions 1.2.6 and below remote blind SQL injection exploit.

Exploit-DB updates

Securityvulns exploits channel

dmfilemanagerex.php DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
pcnfsd.c rpc.pcnfsd remote format string exploit, tested against AIX 6.1.0 and lower
gs_ps.pl GhostScript 8.70 PoC
gs_bsd.pl GhostScript 8.70 exploit for FreeBSD 8.0
sysaxex.pl Exploits Sysax Multi Server “open”, “unlink”, “mkdir”, “scp_get” Commands DoS Vulnerabilities
phpwcmsex2.php PHPWCMS Cross-Site Request Forgery Vulnerability exploit
eset_lzh.zip ESET Smart Security 4.2 and NOD32 Antivirus 4.2 (x32-x64) LZH archive parsing PoC exploit.
marqex.html Exploit for all browsers (Tested on: Mozilla Firefox // Internet Explorer // Google Chrome // Netscape
novanet-dos.c NovaSTOR NovaNET/NovaBACKUP
novanet-own.c NovaSTOR NovaNET
novanet-read.c NovaSTOR NovaNET remote DoS + arbitrary memory read
novanet-own-lnx.c NovaSTOR NovaNET
completeftpdos.pl CompleteFTP v3.3.0 – Remote Memory Consumption DoS
micropointex.c Micropoint Proactive Denfense Mp110013.sys
winsoftmagicex.c Exploits WinSoftMagic Photo Editor .PNG File Buffer Overflow
vbulletindos.pl vBulletin Denial Of Service Exploit

Inj3ct0r.com

Powered by Arcs Solutions Auth Bypass Admin Powered by Arcs Solutions Auth Bypass Admin
Symantec AMS Intel Alert Handler Service Design Flaw Symantec AMS Intel Alert Handler Service Design Flaw
Joomla Component PhotoMap Gallery 1.6.0 Multiple Blind SQL Injection Joomla Component PhotoMap Gallery 1.6.0 Multiple Blind SQL Injection
Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability
Joomla Component com_maxcomment Sql Injection Vulnerability Joomla Component com_maxcomment Sql Injection Vulnerability
Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 Local Privilege Escalation Zemana AntiLogger AntiLog32.sys
AV Arcade v3 Cookie Authentication Bypass AV Arcade v3 Cookie Authentication Bypass
Netvision V-1.0 RFI Vulnerability Netvision V-1.0 RFI Vulnerability
EggBlogg 4.1 <= LFI Vulnerability EggBlogg 4.1
ClickAndBanex (Auth Bypass) SQL Injection Vulnerability ClickAndBanex (Auth Bypass) SQL Injection Vulnerability
UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth
PunBB <= 1.3.4 Pun_PM <= v1.2.6 Blind SQL Injection Vulnerability PunBB
QQPlayer smi File Buffer Overflow Exploit QQPlayer smi File Buffer Overflow Exploit
Joomla Component com_livre SQL Injection Vulnerability Joomla Component com_livre SQL Injection Vulnerability
Social Media v2.0.0 LFI Vulnerabilities Social Media v2.0.0 LFI Vulnerabilities
nuBuilder Remote File inclusion Vulnerability nuBuilder Remote File inclusion Vulnerability

Vulnerabilities

Packet Storm Security Advisories

MDVSA-2010-142.txt Mandriva Linux Security Advisory 2010-142 – The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a. […]
secunia-autonomykvrp.txt Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited. […]
secunia-autonomykvindex.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsi. […]
secunia-wkssriu.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll). […]
secunia-autonomywosr.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based. […]
secunia-autonomyrtfsigned.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the \\ls keyword within a list override table entry in RTF files. This can. […]
secunia-autonomywkssr.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record t. […]
secunia-autonomycfp.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overfl. […]
dsa-2076-1.txt Debian Linux Security Advisory 2076-1 – It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
dsa-2075-1.txt Debian Linux Security Advisory 2075-1 – Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

Bugtraq

New vulnerabilities in Cetera eCommerce Posted by MustLive on Jul 28Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. —————————– Advisory: New vulnerabilities in Cetera eCommerce —————————– URL: http://websecurity.com.ua/4266/ —————————– Affected. […]
Vulnerabilities in Cetera eCommerce Posted by MustLive on Jul 28Hello Bugtraq! I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 (SecurityVulns ID: 10489). —————————– Advisory: Vulnerabilities in Cetera eCommerce —————————– URL: http:. […]
PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection Posted by Salvatore Fresta aka Drosophila on Jul 28PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection Name PhotoMap Gallery Vendor http://photoindochina.com Versions Affected 1.6.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta. […]
[security bulletin] HPSBMA02549 SSRT090158 rev.2 – HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data Posted by security-alert on Jul 28SUPPORT COMMUNICATION – SECURITY BULLETIN Document ID: c02282361 Version: 2 HPSBMA02549 SSRT090158 rev.2 – HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data NOTICE: The information in this Security Bulletin should be acted upon. […]
Jira Enterprise 4.0.1 – Multiple Low Risk Vulnerabilities Posted by advisories on Jul 28 Jira – Multiple Low Risk Vulnerabilities Versions Affected: 4.0.1 (other versions were not checked.) Info: JIRA provides issue tracking and project tracking for software development teams to improve code quality and the speed of development. (and so forth.) External Li. […]
Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows – ====================================================================== Table of Contents Affected Soft. […]
Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll String Indexing Vulnerability – ====================================================================== Table of Contents Affected Softwa. […]
Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll Integer Underflow Vulnerability – ====================================================================== Table of Contents Affected Soft. […]
Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow – ====================================================================== Table of Contents Affected So. […]
Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error – ====================================================================== Table of Contents Affected Softwar. […]
Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll – - Floating Point Conversion Buffer Overflow – ====================================================================== Table of Contents. […]
Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView Compound File Parsing Buffer Overflow – ====================================================================== Table of Contents Affected Software. […]
Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability Posted by martin on Jul 28Thanks for spotting this. I overlooked this in my haste to release. I have fixed the issue now and the flawed version is not longer available for download.
Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities Posted by Salvatore Fresta aka Drosophila on Jul 28Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities Name Appointinator Vendor http://appointinator.chemeia.info Versions Affected 1.0.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatoref. […]
[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities Posted by Moritz Muehlenhoff on Jul 28———————————————————————— Debian Security Advisory DSA-2075-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff July 27, 2010 http://www.debian.org/security/faq ——————————. […]

SecurityFocus Vulnerabilities

Unofficial Secunia Security Advisories

[4/5] SUSE update for MozillaFirefox and mozilla-xulrunner191 SUSE has issued an update for MozillaFirefox and mozilla-xulrunner191. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user’s system. http://secunia.com/advisories/. […]
[3/5] Red Hat update for libtiff Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. http://secunia.com/advisories/40536/
[2/5] Fedora update for kernel Fedora has issued an update for the kernel. This fixes a vulnerability and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. http://secunia.com/advisories/40533/
[2/5] LISTSERV "T" Cross-Site Scripting Vulnerability Ram Sripracha has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks. http://secunia.com/advisories/40529/
[2/5] osCSS "page" Cross-Site Scripting Vulnerability A vulnerability has been discovered in osCSS, which can be exploited by malicious people to conduct cross-site scripting attacks. http://secunia.com/advisories/40502/
[3/5] Fedora update for w3m Fedora has issued an update for w3m. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. http://secunia.com/advisories/40531/
[3/5] Red Hat update for libtiff Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. http://secunia.com/advisories/40527/
[2/5] b2evolution Cross-Site Request Forgery Vulnerability A vulnerability has been discovered in b2evolutioin, which can be exploited by malicious people to conduct cross-site request forgery attacks. http://secunia.com/advisories/40490/
[3/5] Ubuntu update for libpng Ubuntu has issued an update for libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. http://secunia.com/advisories/40472/
[3/5] Podcast Generator "filename" Directory Traversal Vulnerability BlackHawk has discovered a vulnerability in Podcast Generator, which can be exploited by malicious people to disclose potentially sensitive information. http://secunia.com/advisories/40467/
[4/5] SUSE update for acroread SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user’s system. http://secunia.com/advisories/40487/
[3/5] Sijio Multiple Script Insertion Vulnerabilities Multiple vulnerabilities have been reported in Sijio, which can be exploited by malicious users to conduct script insertion attacks. http://secunia.com/advisories/40492/
[3/5] Pligg "username" SQL Injection Vulnerability A vulnerability has been discovered in Pligg, which can be exploited by malicious people to conduct SQL injection attacks. http://secunia.com/advisories/40516/
[3/5] Cisco Industrial Ethernet 3000 Hardcoded SNMP Community Names A security issue has been reported in Cisco Industrial Ethernet 3000, which can be exploited by malicious people to potentially compromise a vulnerable device. http://secunia.com/advisories/40407/
[2/5] IBM BladeCenter Advanced Management Module Multiple Vulnerabilities Some vulnerabilities have been reported in IBM BladeCenter Advanced Management Module, which can be exploited by malicious users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks or disclose potentially sensitive information. http://secunia.com/advisor. […]
[3/5] Ghost Recon Advanced Warfighter Two Vulnerabilities Luigi Auriemma has reported two vulnerabilities in Ghost Recon Advanced Warfighter, which can be exploited by malicious people to cause a DoS (Denial of Service). http://secunia.com/advisories/40465/

Security Videos & Podcasts

SecurityTube.Net Padding Oracle Exploit Tool vs Apache MyFaces Video Tutorial Ostinato (Traffic Generator) Demo Video Tutorial Infosec Cynic (Episode 5) Video Tutorial Tabnabbing (A new Phishing Attack) Video Tutorial HNNCast for the third week of May 2010 Video Tutorial Root Shell via Metasploit and MySQL Client on Metasploitable Video Tutorial Exploiting TikiWiki in Metasploitable to obtain a Root Shell Video Tutorial Cynic Bytes (An interview with Brian Honan) Video Tutorial Null Session Hacking on Windows Video Tutorial Automating Malicious Update Hacking using Metasploit Video Tutorial Hacking Software Updates with EvilGrade Video Tutorial Infosec Cynic (Episode 4) Video Tutorial Fake AP WiFi Attack Video Tutorial Hacking with Copier Machines Video Tutorial Twitter based Botnet Command and Control Video Tutorial DNSSEC Basics Video Tutorial	PaulDotCom DEFCON Contest PaulDotCom – Security Weekly – Episode 202 part 2 – July 15th 2010 PaulDotCom – Security Weekly – Episode 202 – Part 1 – July 15th 2010 Metasploit’s New GUI Episode 202 Recording notice for July 15th PaulDotCom Security Weekly – Episode 201 Recording Notice for July 8th – Dave Aitel – UPDATE:Cancelled The Disclosure Debate – Some Thoughts & Responses PaulDotCom – Security Weekly – Episode 200 FINAL – June 4th 2010 Episode 201 Featuring Bruce Schneier! PaulDotCom – Security Weekly – Episode 200 Part 6 – June 4th 2010 PaulDotCom – Security Weekly – Episode 200 Part 5 – June 4th 2010 PaulDotCom – Security Weekly – Episode 200 Part 4 – June 4th 2010 PaulDotCom – Security Weekly – Episode 200 Part 3 – June 4th 2010 PaulDotCom – Security Weekly – Episode 200 part 2 – June 4th 2010	Risky Business Risky Business #161 — APTs: Don’t believe the hype Risky Business #160 — Clear evidence of state involvement in Stuxnet malware Risky Business #159 — Skimmers pay massive bribes downunder Risky Business #158 — Pwning up Apple’s iTunes store Risky Business #157 — Voluntary codes versus regulation Risky Business #156 — ICQ heads to Russia, feds worry Risky Business #155 — Can AusCERT survive? Risky Business #154 — Adrian Lamo: Why I turned informer Risky Business #153 — Google ditching Windows for… Red Hat 6.2? Risky Business #152 — Playing in the sandbox with Mark Dowd Risky Business #151 — Didier Stevens talks about cmd.dll Risky Business #150 — Is Near Real Time the detection method of the future? Risky Business #149 — Gloaty FTW edition, plus H D Moore! Risky Business #148 — Good guys writing bad software Risky Business #147 — Kim Zenz in Moscow PLUS Weld on software (in)security Risky Business #146 — Mixed bag edition
Other Stuff
Hack a Day Flipping pancakes WiFi on a Sprint Pixi Emulating an Amiga floppy drive Inductive cellphone charging without voiding warranty Extra extra: Now legal to jailbreak iPhone Store update: Bags, Pads, and possibly badges. 200 mile RF transmitter (and high altitude balloon) Making Nixie tubes at home Air freshener hacking 6809 computing C02 laser in your living room Web-enabled LED pegboard More automated wire cutting HOPE badge proximity sensor DS1307 breakout board		Internal error – WikiLeaks Check our Reddit What links here Follow us on Twitter Digg this page

Packet Storm Security Miscellaneous Files

NocON2010-CFP.txt Call For Papers for the No cON Name 2010 Congress. This conference will be held in Barcelona, Spain, from October 18th through the 19th.
transparent-medical-devices.pdf Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.
my-sql.pdf This whitepaper is a MySQL SQL injection tutorial.
H2HC-CFP-2010.txt The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010.
CVP-HackersPerspective.pdf Whitepaper called Cisco VoIP Phone – A Hackers Perspective.
buffer_overflow_edisi_ketiga.txt Whitepaper called Linux Buffer Overflow Tutorial III. Written in Indonesian.
simple-sqlinj.txt Whitepaper called Simple Technique for SQL Injection Form Login Bypass. Written in Indonesian.
clickonce-mitm.txt Interesting write up that goes indepth discussing the man-in-the-middle vulnerabilities associated with Microsoft ClickOnce.
kiwicon2010-cfp.txt Kiwicon ’10 Call For Papers – This year Kiwicon will be held from November 27th through 28th, 2010 in Wellington, New Zealand.
clubhack2010-cfp.txt The Call For Papers for ClubHack 2010 has been announced. For a full list of topics and more information on the convention, hit the home page.

Packet Storm Security Last Files

MDVSA-2010-142.txt Mandriva Linux Security Advisory 2010-142 – The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a. […]
uplusftp-overflow.txt UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit.
symantecams-flaw.txt Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.
jira-xss.txt Jira version 4.0.1 suffers from a cross site scripting vulnerability.
secunia-autonomykvrp.txt Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited. […]
secunia-autonomykvindex.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsi. […]
zemana-escalate.txt Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability.
ceteraecommerce-sqlxss.txt Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
secunia-wkssriu.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll). […]
secunia-autonomywosr.txt Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based. […]

Security Blogs

Security Bloggers Network The List of Apple Trackpad Gestures Day one at SecurityBSides Las Vegas Black Hat 2010 Alleged Mariposa Botnet Author Nabbed [BSidesLV] Fierce v2 Turning an ATM into a Slot Machine [BSidesLV] Fuck Tools Dead Men Tell No Tales, but Smart Phones Tell All Network Automation is Inevitable Itsecuriteer in twitter [BSidesLV] ExploitHub: Arming the Pen Testers to Plug the Holes [BSidesLV] Building Bridges: Forcing Hackers and Business to “Hug it Out” Contrary to Recent Assertions – Snort 2.9 beta has been released, and it’s awesome.. Security was not really the issue in LA/Google [BSidesLV] Multi-Player MetaSploit Business logic abuse against Yahoo	Schneier on Security DNSSEC Root Key Split Among Seven People Pork-Filled Counter-Islamic Bomb Device WPA Cracking in the Cloud 1921 Book on Profiling Technology is Making Life Harder for Spies Friday Squid Blogging: Squidbillies The Washington Post on the U.S. Intelligence Industry Internet Worm Targets SCADA More Research on the Effectiveness of Terrorist Profiling Book on GCHQ EU Counterterrorism Strategy Economic Considerations of Website Password Policies	LinuxSecurity.com – Latest News Sourcefire Rolls Out Open-Source ‘Razorback’ Chrome gets patched after exploit bounties Torrent legality study ‘horribly wrong’, says TorrentFreak Battle joined for future of open source IPS Hackers to flock to Black Hat, Defcon this week When hackers hack hackers
TaoSecurity Time Issues in Libpcap Traces Review of Digital Forensics for Network, Internet, and Cloud Computing Posted Review of Virtualization and Forensics Posted Review of Digital Triage Forensics Posted Dell Needs a PSIRT Review of The Watchman Posted Review of The Fugitive Game Posted Review of At Large Posted Review of The Cuckoo’s Egg Posted Review of Code Version 2.0 Posted Review of Crypto Posted Review of The Illusion of Due Diligence Posted Human Language as the New Programming Language Brief Thoughts on WEIS 2010 Brief Thoughts on SANS WhatWorks Summit in Forensics and Incident Response 2010 Network Forensics Vendors: Get in the Cloud!	SecuriTeam Blogs Sophos Free Tool To Detect The Windows Shortcut Exploit (.lnk) Differing takes on privacy Social Engineering and Body Language Reflections on Trusting Trust goes hardware Safari AutoFill Exploit REVIEW: “The Design of Rijndael”, Joan Daemen/Vincent Rijmen Microsoft LNK exploit added to Metasploit Microsoft LNK exploit Mozilla Raises Bug Bounty To $3000 For Security Bugs The Internet not a meeting of minds Caller-ID spoof and voicemail Metasploit 3.4.1 Released Microsoft Retires Windows 2000 Professional and XP Service Pack 2 Microsoft Black Tuesday Summary July 2010 Nmap Scripting Engine (NSE) REVIEW: “Enterprise Architecture Using the Zachman Framework”, Carol O’Rourke/Neal Fishman/Warren Selkow	Offensive Computing – Community Malicious code research and analysis AV Testing Standards: Don’t Like the Results of the Tests? Change the Rules Vera 0.11 – Bug Fix Release URLVOID: Suspicious url scanner Released Buster Sandbox Analyzer 1.23 Intelligence and operational level by Siberia Exploit Pack Ether 0.1 Debian Package – BETA Generating Ether-like Trace Files for VERA VERA 0.1 Released State of the art in CRiMEPACK Exploit Pack YARA 1.4 released
Darknet – The Darkside FuzzDiff – Tool For Fuzzing and Crash Analysis WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key) PlainSight – Open Source Computer Forensics LiveCD Microsoft Confirms Windows Zero Day Bug In Shortcut Files Sagan – Real-time System & Event Log (syslog) Monitoring System Clever Attack Allows Theft Of Names & Addresses From IE & Safari thc-ipv6 Toolkit – Attacking the IPV6 Protocol Mozilla Increases Security Bug Bounty To $3000 Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts Sunbelt Software Bought By GFI For An Undisclosed Sum	The Dark Visitor F-U Tencent! PRC based members of carders.cc IWM and Shadow Server Project Report: Shadows in the Clouds Shanghai Jiaotong named as a source in Google compromise PRC Gov Responses to Hacking Allegations – Timeline Freedom of Speech? Not according to Baidu. Lawyers for company ripped off by green dam targeted in spear phishing attacks Chinese hackers don’t like Iranian Diabetics Brav[e\|o] Google.cn PRC hackers attack Iranian websites	Jeremiah Grossman I know who your name, where you work, and live (Safari v4 & v5) Third-Party Web Widget Security FAQ Full-Disclosure, Our Turn In a cyber-war, we fight for economic well-being The Low Hanging Fruit scanner strategy can get you into trouble anti-waf-software-security-only-zealotry Microsoft security IS “good enough” and that’s the problem Replacing Happiness with Pride (Rugged) Ceding the desktop security battle, almost the war Time to start blogging again… Best of Application Security (Friday, Apr. 16) Best of Application Security (Friday, Apr. 9) Best of Application Security (Friday, Apr. 2) Best of Application Security (Friday, Mar. 26) Best of Application Security (Friday, Mar. 19) PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6
cr0 blog Javocalypse There’s a party at Ring0, and you’re invited CVE-2010-0232: Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Virtualization security and the Intel privilege model CVE-2009-2267: Mishandled exception on page fault in VMware Security in Depth for Linux Software CVE-2009-2793: Iret #GP on pre-commit handling failure: the NetBSD case CVE-2009-2698: udp_sendmsg() vulnerability Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692) Old school local root vulnerability in pulseaudio (CVE-2009-1894) Bypassing Linux’ NULL pointer dereference exploit prevention (mmap_min_addr) Time-stamp counter disabling oddities in the Linux kernel Write once, own everyone, Java deserialization issues Local bypass of Linux ASLR through /proc information leaks Interesting vulnerability in udevd 26	Hack In The Box Private details of 100m Facebook users leaked IT employers must invest in skills to stay ahead Apple to Honor Taiwanese Mac Mini Pricing Mishap Second Student Sues School District Over Webcam Spying Android 2.2 for Samsung Galaxy S is leaked Firefox’s next big innovation: A new OS-like interface New Intel technology to make it possible to download an HD movie in a second What’s Missing From StarCraft II’s Launch? Pirate Copies Barnaby Jack Demonstrates ATM ‘Jackpotting’ Facebook’s Security Slackness: A Cautionary Tale Wikileaks: Publication of Afghan informant details worth the risk Microsoft To Release Updated EMET Security Tool BitBlaze tool boosts bug-hunting productivity 10-fold Apple Updates Safari, Turns on Extensions Dell unveils security hardware and services Suspected ‘Mariposa Botnet’ creator arrested	GNUCITIZEN 1ST European Edition of HITB Coming Up! Apple further locks down CUPS (CVE-2010-0540) Hacking Linksys IP Cameras (pt 6) dnsmap v0.30 is now out! Old-school Remote Command Exec Vulnerabilities on Avaya Intuity Skydive Free Web Application Security Testing Tool Of Sec Cons and Magstripe Gift Cards CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept Hacking Linksys IP Cameras (pt 5) Breaking Into a Home With an iPhone Extensions at War Exploit Sweatshop Jeriko Group and Source Code Repository Hacking Linksys IP Cameras (pt 4) Hacking Linksys IP Cameras (pt 3)

The Ethical Hacker Network RSS News Feed

cURL error 7: couldn’t connect to host

carnal0wnage.attackresearch.com

Daily Dave

ha.ckers.org web application security lab

Security4all – Dedicated to digital security, enterprise 2.0 and presentation skills

Metasploit

DVLabs: Blogs

The RISKS Digest

Security Fix

Microsoft Security Advisories

The Microsoft Security Response Center (MSRC)

Community-Based Defense: Looking Outward, Moving Forward Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending agains. […]
Black Hat 2010 BH Landscape Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we’ve been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why? It’s. […]
Announcing Coordinated Vulnerability Disclosure Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of “Responsible Disclosure” to “Coordinated Vulnerability Disclosure.” In recognition of the endless debate between responsible disclosure and full disclosure propo. […]
July 2010 Security Bulletin Webcast Hi, During the July 2010 webcast, we fielded questions varying from the re-release of MS10-024 to answers for the error messages received during the application of MS10-041 and more. Click here to review the full Q&A page so you can see all of the answers that were provided for these and. […]
Security Advisory 2286198 Updated We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary runnin. […]
Security Advisory 2286198 Released Hi everyone, We have released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this vulnerabili. […]
July 2010 Security Bulletin Release Hi everyone. As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office. MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update. […]
July 2010 Bulletin Release Advance Notification Hi everyone. Today we’re releasing our advance notification for the July security bulletin release, which is scheduled for Tuesday, July 13. This month’s release includes four bulletins addressing five vulnerabilities. Two bulletins, both with a severity rating of Critical, affect Windows. Two of th. […]
Monthly Security Bulletin Webcast Q&A – June 2010 Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: . […]
Security Advisory 2219475 Released Hello – We have released Security Advisory 2219475, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Ser. […]
Windows Help Vulnerability Disclosure Hello, We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at. […]
June 2010 Security Bulletin Release Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of the. […]
June 2010 Security Bulletin Advance Notification Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities. Six of the bulletins affect Windows; of those, two carry a Critical severity ratin. […]
May 2010 Security Bulletin Webcast Hi everyone, Today we posted the questions and answers from this month’s security bulletin webcast. There were a few questions but overall, the webcast was pretty quick with only two bulletins. For the June bulletin release, our webcast will be on Wednesday June 9, 2010 at 11:00 a.m. PDT (UTC -7. […]
May 2010 Security Bulletin Release Hello Everybody- Today are releasing two security bulletins, MS10-030 and MS10-031 to address two vulnerabilities in Windows and Microsoft Office, both rated Critical. As always, we recommend that customers test and deploy both security updates as soon as possible. MS10-030 is a Windows-based update. […]
Advance Notification for the May 2010 Security Bulletin Release Hi everyone, Today we published our advance notification for the May security bulletin release letting customers know that next Tuesday, May 11, we will release two Critical bulletins addressing two vulnerabilities – one in Windows and one in Office. Windows 7 and Windows Server 2008 R2 customers wi. […]

Microsoft Sec Notification

Microsoft Security Bulletin Minor Revision Posted by Microsoft on Jul 21******************************************************************** Title: Microsoft Security Bulletin Minor Revision Issued: July 21, 2010 ******************************************************************** Summary ======= The following bulletin has undergone a minor. […]
Microsoft Security Advisory Notification Posted by Microsoft on Jul 20******************************************************************** Title: Microsoft Security Advisory Notification Issued: July 20, 2010 ******************************************************************** Security Advisory Updated Today ===============================. […]
Microsoft Security Advisory Notification Posted by Microsoft on Jul 19******************************************************************** Title: Microsoft Security Advisory Notification Issued: July 19, 2010 ******************************************************************** Security Advisory Updated Today ===============================. […]
Microsoft Security Advisory Notification Posted by Microsoft on Jul 16******************************************************************** Title: Microsoft Security Advisory Notification Issued: July 16, 2010 ******************************************************************** Security Advisory Released Today ==============================. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jul 14******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: July 14, 2010 ******************************************************************** Summary ======= The following bulletins have undergone a min. […]
Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Jul 13******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: July 13, 2010 ******************************************************************** Summary ======= The following bulletins have undergone a min. […]
Microsoft Security Bulletin Re-Release Posted by Microsoft on Jul 13******************************************************************** Title: Microsoft Security Bulletin Re-Release Issued: July 13, 2010 ******************************************************************** Summary ======= The following bulletin has undergone a major revi. […]
Microsoft Security Bulletin Summary for July 2010 Posted by Microsoft on Jul 13******************************************************************** Microsoft Security Bulletin Summary for July 2010 Issued: July 13, 2010 ******************************************************************** This bulletin summary lists security bulletins released for J. […]
Microsoft Security Bulletin Summary for June 2010 Posted by Microsoft on Jun 08******************************************************************** Microsoft Security Bulletin Summary for June 2010 Issued: June 8, 2010 ******************************************************************** This bulletin summary lists security bulletins released for Ju. […]
Microsoft Security Bulletim Summary for May 2010 Posted by Microsoft on May 11******************************************************************** Microsoft Security Bulletin Summary for May 2010 Issued: May 11, 2010 ******************************************************************** This bulletin summary lists security bulletins released for May. […]
Microsoft Security Bulletin Major Revision MS10-016 Posted by Microsoft on May 03******************************************************************** Title: Microsoft Security Bulletin Major Revision Issued: May 3, 2010 ******************************************************************** Summary ======= The following bulletin has undergone a major re. […]
Microsoft Security Bulletin Re-Release Posted by Microsoft on Apr 27******************************************************************** Title: Microsoft Security Bulletin Re-Release Issued: April 27, 2010 ******************************************************************** Summary ======= The following bulletin has undergone a major rev. […]
Microsoft Security Bulletin Major Revision Posted by Microsoft on Apr 21******************************************************************** Title: Microsoft Security Bulletin Major Revision Issued: April 21, 2010 ******************************************************************** Summary ======= The following bulletins have undergone a maj. […]
Microsoft Security Bulletin Summary for April 2010 Posted by Microsoft on Apr 13******************************************************************** Microsoft Security Bulletin Summary for April 2010 Issued: April 13, 2010 ******************************************************************** This bulletin summary lists security bulletins released for. […]

Mailing Lists

Full Disclosure

Re: Patent Absurdity – How software patents brokethe system Posted by M.B.Jr. on Jul 28I’m sorry, Rohit. Chances are you’re gonna face some problems in the US. Marcio Barbado, Jr.
[ MDVSA-2010:142 ] openldap Posted by security on Jul 28 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:142 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openldap Date : July 28, 2010 Affec. […]
Re: Patent Absurdity – How software patents brokethe system Posted by M.B.Jr. on Jul 28Hi Rohit, sorry for such a delay in this reply. Your point alludes to one very generical concept but it is interesting for it gives the chance to extirpate some confusion people make in this subject. See, maybe you don’t clearly understand the difference between a license. […]
New vulnerabilities in Cetera eCommerce Posted by MustLive on Jul 28Hello Full-Disclosure! I want to warn you about security vulnerabilities in Cetera eCommerce. —————————– Advisory: New vulnerabilities in Cetera eCommerce —————————– URL: http://websecurity.com.ua/4266/ —————————– A. […]
Vulnerabilities in Cetera eCommerce Posted by MustLive on Jul 28Hello Full-Disclosure! I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 (SecurityVulns ID: 10489). —————————– Advisory: Vulnerabilities in Cetera eCommerce —————————– UR. […]
Qualys Adds Exploitability Data Posted by sergio on Jul 28
Re: Speakers Required for null+h4ck3r meet in Delhi on 31st July 2010 Posted by Tõnu Samuel on Jul 28Don’t tell the country Tõnu
Secunia Research: Autonomy KeyView wkssr.dllRecord Parsing Buffer Overflows Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows – ====================================================================== Table of Contents Affected Soft. […]
Secunia Research: Autonomy KeyView wkssr.dllString Indexing Vulnerability Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll String Indexing Vulnerability – ====================================================================== Table of Contents Affected Softwa. […]
Secunia Research: Autonomy KeyView wkssr.dllInteger Underflow Vulnerability Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll Integer Underflow Vulnerability – ====================================================================== Table of Contents Affected Soft. […]
Secunia Research: Autonomy KeyView wosr.dll DataBlock Parsing Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow – ====================================================================== Table of Contents Affected So. […]
Secunia Research: Autonomy KeyView rtfsr.dll RTFParsing Signedness Error Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error – ====================================================================== Table of Contents Affected Softwar. […]
Secunia Research: Autonomy KeyView wkssr.dllFloating Point Conversion Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView wkssr.dll – - Floating Point Conversion Buffer Overflow – ====================================================================== Table of Contents. […]
Secunia Research: Autonomy KeyView Compound FileParsing Buffer Overflow Posted by Secunia Research on Jul 28====================================================================== Secunia Research 28/07/2010 – Autonomy KeyView Compound File Parsing Buffer Overflow – ====================================================================== Table of Contents Affected Software. […]
Re: Speakers Required for null+h4ck3r meet inDelhi on 31st July 2010 Posted by Rockey Killer on Jul 28New Delhi , India Don’t use google map to find out

Top WordPress blogs