SecurityFeed.info

Feeds

53663 items (53663 unread) in 90 feeds

• Aviv Raff On .NET (26 unread)
• Bugtraq (bugtraq) Mailing List (2691 unread)
• CGISecurity.com: Your Web Site and Application Security Resource (408 unread)
• christian's weblog (25 unread)
• Irongeek's Security Site (337 unread)
• Jeremiah Grossman (183 unread)
• Heorot.net (19 unread)
• milw0rm.com (1332 unread)
• Nmap Hackers (nmap-hackers) Mailing List (27 unread)
• Rootsecure.net (3048 unread)
• SecuriTeam.com (645 unread)
• Security Vulnerability Research & Defense (131 unread)
• SecurityFocus News (428 unread)
• SecurityFocus Vulnerabilities (2552 unread)
• Securityvulns news channel (1644 unread)
• SecWatch - Latest Exploit Alerts (10 unread)
• Taking Network Security to the Streets (28 unread)
• The One And Only Matt Parnell.com (86 unread)
• The Register - Security (2243 unread)
• The Register - Software (2573 unread)
• VulnWatch (vulnwatch) Mailing List (19 unread)
• Web App Security (webappsec) Mailing List (406 unread)
• IceСμbeς (15 unread)
• Linmagazine (694 unread)
• ‫netcraft Bytes :) (124 unread)
• Blonde 2.0 (214 unread)
• The Microsoft Security Response Center (MSRC) (164 unread)
• (IN)SECURE Magazine Notifications RSS (45 unread)
• 0x000000 Security (95 unread)
• ----- Anti-Malware ----- Analysis and Defense (16 unread)
• Apple Fun (25 unread)
• Technorati Search for: aviv.raffon.net (367 unread)
• C.I.S.R.T. (25 unread)
• Determina Zero-Day Protection (6 unread)
• Didier Stevens (152 unread)
• eEye Digital Security - Research Blog (12 unread)
• Ryan Naraine's Security Watch (464 unread)
• Security - RSS Feeds (1050 unread)
• Exploit Prevention Labs (28 unread)
• Software Vulnerability Exploitation Blog (22 unread)
• F-Secure Antivirus Research Weblog (445 unread)
• Full Disclosure (1289 unread)
• George Ou (10 unread)
• GNUCITIZEN Media Portfolio (155 unread)
• ha.ckers.org web application security lab (129 unread)
• heise security (1753 unread)
• invisiblethings' blog (57 unread)
• Jeff Jones's blog (13 unread)
• JScript Blog (26 unread)
• Matasano Chargen (74 unread)
• McAfee Avert Labs (348 unread)
• Michael Howard's Web Log (46 unread)
• PandaLabs (210 unread)
• Zero Day (839 unread)
• SANS Internet Storm Center, InfoCON: green (1051 unread)
• Latest Secunia Security Watchdog Blog Entries (71 unread)
• SecuriTeam Blogs (245 unread)
• Security Fix (494 unread)
• HP ASC Portal (30 unread)
• Strike Center (12 unread)
• Sunbelt Blog (845 unread)
• Sunnet Beskerming Security Advisories (145 unread)
• Technobabylon
• The Recurity Lablog (34 unread)
• Wired: Threat Level (1419 unread)
• TrendLabs | Malware Blog - by Trend Micro (600 unread)
• Uninformed Journal (49 unread)
• WabiSabiLabi's blog (23 unread)
• WatchGuard Wire (128 unread)
• Latest Blog Entires From WebSense Security Labs (152 unread)
• Hackszine.com (638 unread)
• DVLabs: Blogs (143 unread)
• Errata Security (176 unread)
• Robert Hensing's Blog (93 unread)
• PaulDotCom Community Blog (13 unread)
• David LeBlanc's Web Log (34 unread)
• Billy (BK) Rios (29 unread)
• David Litchfield's blog (21 unread)
• Farfromr00tin (27 unread)
• aut disce, aut discede (17 unread)
• pwn* (26 unread)
• hackademix.net (106 unread)
• SecurityDot Vulnerabilities (1939 unread)
• Vulnerabilities & Exploits (87 unread)
• Malicious Code (100 unread)
• Security Risks (66 unread)
• Digg / Security / upcoming (16333 unread)
• digg.com: News / Security / Popular (353 unread)
• DarkReading - Security News (298 unread)
• DarkReading - All Stories (93 unread)

Unread items (100)

• December 31, 2010
• 10:00

  Vuln: Joomla! 'com_rsgallery2' Component 'catid' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Joomla! 'com_rsgallery2' Component 'catid' Parameter SQL Injection Vulnerability
• December 15, 2010
• 10:00

  Vuln: TYPO3 Diocese of Portsmouth Calendar Unspecified SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  TYPO3 Diocese of Portsmouth Calendar Unspecified SQL Injection Vulnerability

• February 09, 2010
• 10:22

  Slashdot: Verizon Blocking 4chan

   » ‎ Rootsecure.net
  Slashdot: Verizon Blocking 4chan
• 10:22

  Krebs On Security: Comerica Phish Foiled 2-Factor Protection

   » ‎ Rootsecure.net
  Krebs On Security: Comerica Phish Foiled 2-Factor Protection

• 10:00

  Vuln: Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
• 10:00

  Vuln: SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability

• 9:30

  Securityproductzone - IP Cameras, Lens, CRT/LCD Monitor, Cap

   » ‎ Digg / Security / upcoming
  Security product zone is the Best Source for IP Cameras, Lens, CRT/LCD Monitor, Capture Cards, Routers, Switch, Microphone and more at direct factory prices. A reliable, trusted source for Security products
• 9:23

  Tata consultancy Services website for sale, Hackers day out

   » ‎ Digg / Security / upcoming
  And what did Mr. Ratan Tata see when he tried logging into his own companies official website http://www.tcs.com this morning? �This domain name is for sale� flashing both in English and French. Definitely not a great start for TCS today as it is reported to have come under hackers control for a few hours till 7 am this morning. The irony is that T
• 9:18

  Everything PC | Cleveland, Akron, Canton PC Repair / Upgrade

   » ‎ Digg / Security / upcoming
  Offering mobile pc services in the cleveland, akron and canton regions. We will repair your computer affordably, every time. Also offering upgrades and networking services.

• 9:17

  Dradis Framework v2.5 is out!

   » ‎ Web App Security (webappsec) Mailing List

  Posted by etd on Feb 08

  Hi all,
  
  We have pushed a new major release of Dradis (an open source framework
  to enable effective information sharing), and it comes with a few new
  features [i]:
  
  * Improved Note editor: bigger, easier to use and supports formatting!
  * New First Time User Wizard
  * Keep track of all the activity with the built-in RSS feed
  * More plugins:
  o New HTML Export reporting plugin.
  o New Burp Upload plugin so you can use Burp Scanner output....
  

• 9:03

  Global Learning AllinOne Resurse Training

   » ‎ Digg / Security / upcoming
  Resurse training IT, CISCO, Microsoft, Linux

• 9:02

  OpenOffice is the new David Hasselhoff

   » ‎ The Register - Software
  Big in Germany. Not so big in Blighty

  A new study from German web analytics firm Webmasterpro.de shows that adoption rates of open source productivity software suites swings wildly between different countries.…

• 9:02

  Delayed Visual Studio 2010 RC due this week

   » ‎ The Register - Software
  Trimmer fit

  The delayed next edition of Microsoft's Visual Studio is due as a release candidate by the end of this week.…

• 9:01

  How to hack Twitter

   » ‎ Digg / Security / upcoming
  It consist of some techniques how to protect your twitter account
• 8:55

  Best Spyware Removal: Why the Need to Remove Adware and ...

   » ‎ Digg / Security / upcoming
  Best Spyware Removal: Why the Need to Remove Adware and Spyware
• 8:54

  GoDaddy Silences Police-Watchdog Site RateMyCop.com

   » ‎ Digg / Security / upcoming
  A new web service that lets users rate and comment on the uniformed police officers in their community is scrambling to restore service Tuesday, after hosting
• 8:53

  We're All Hackers Now

   » ‎ Digg / Security / upcoming
  But will Apple help close off the promise of the creatively open Internet?
• 8:48

  Different Ways To Party

   » ‎ Digg / Security / upcoming
  Different Party Articles
• 8:26

  Trend Micro Rejiggers Small-Biz SaaS Security

   » ‎ Digg / Security / upcoming
  Trend Micro on Monday announced a new and completely overhauled version of its Software as a Service for small and medium-sized businesses. The new version, named "Worry-Free Business Security Services," replaces "Worry-Free Business Security Hosted,
• 8:19

  Securing Your Website Should be a Serious Business | The Bes

   » ‎ Digg / Security / upcoming
  Securing your website should be a serious business. Do not make the mistake of leaving your websites unsecured or you could pay a very heavy price.
• 8:08

  Paladin Antivirus - How to remove

   » ‎ Digg / Security / upcoming
  Paladin Antivirus is a rogue antispyware program that distributed through the use of trojans. The program is unable to detect or remove any infections. Paladin Antivirus uses false scan results and fake security alerts as an attempt to scare user into purchasing the full version itself. Most importantly, do not purchase it!
• 7:59

  Quality CCTV Spy Cameras for you Home or Business

   » ‎ Digg / Security / upcoming
  Quality Hidden CCTV Spy Cameras for you Home or Business,to check on your home or to check on you employees while away,
• 7:56

  Do I really have Spyware?

   » ‎ Digg / Security / upcoming
  Do I really have Spyware?
• 7:47

  Working Cell Phone Demo from Surveillance Solutions for CCTV

   » ‎ Digg / Security / upcoming
  Working Demo of the PDA Software for our Alnet Surveillance Systems so you can keep track of your cameras on you Smart Phone ,can use with any of our systems here is an example od a working unit that you can play with the buttons

• 7:45

  Sun's cloud and gaming execs leave Oracle

   » ‎ The Register - Software
  Kenai reprieved

  Oracle's chief Larry Ellison recently promised he'll be hiring more staff than he'll be letting go from Sun Microsystems.…

  The power of collaboration within unified communications

• 7:39

  How To Change Your IP Address in 20 Seconds

   » ‎ Digg / Security / upcoming
  This is a guide on how to change your IP in 20 seconds or less. This can be used if your IP address has been banned/blocked by a game server. I've tried this on both Windows XP and Windows 2000, and it has worked.
• 7:34

  Google and NSA « The Garnet Spy

   » ‎ Digg / Security / upcoming
  The National Security Agency is using it's familiarity of cyber operations - knowing what adversaries do and how they do it - along with it's own expertise in protecting national information systems to assist Google and, thus protect Google's users. Know anyone who uses Google?
• 7:20

  Valentines Day Spam - Get Ready for the Blitz!

   » ‎ Digg / Security / upcoming
  A fantastic post on the pending blitz of spam for the Valentines Day crush rush of shoppers. Pay attention lovers this post could save you a few bucks in the long run.
• 7:02

  ZoneAlarm Antivirus - Protect Your Computer

   » ‎ Digg / Security / upcoming
  ZoneAlarm Antivirus - Protect Your Computer
• 6:35

  Leading US health insurance company sued over client data

   » ‎ Digg / Security / upcoming
  In a serious breach of data security, Health Net, a leading US health insurance provider, recently reported that data of 446,000 of its clients was stolen in
• 6:31

  Trik Supaya Modem Lebih Cepet- Willy Weblog

   » ‎ Digg / Security / upcoming
  Hack Modem Anda dan Meningkatkan Kecepatan download dari 64Kbps Sampai sesuai Harapan Anda. Sebagian besar dari kita akan merasa bahwa kecepatan berselancar yang dialokasikan oleh ISP kami tidak cukup...
• 6:29

  Belajar Hacker- Willy Weblog

   » ‎ Digg / Security / upcoming
  Wah... Seiring dengan perkembangan teknologi semakin tinggi pula kehebatan sang hacker.Yuk kita belajar sama-sama apa itu hacker sebenarnya...
• 6:26

  Access Control System with Fingerprint time Attendance

   » ‎ Digg / Security / upcoming
  Fingerprint based time management ideal for offices and corporate with time attendance software.We have a wide range of time attendance,fingerprint time attendance,biometric time attendance,biometric fingerprint time attendance,fingerprint biometric time attendance device for fingerprint based time management in offices and corporate set-ups.
• 6:20

  USB Fingerprint scanner

   » ‎ Digg / Security / upcoming
  We Provide have a wide range of Fingerprint scanner,usb fingerprint scanner,Biometric Scanner,Secugen Scanner,USB biometric Scanner,Biometric Fingerprint Scanner,Fingerprint Biometric Scanner,or a computer Security featuring superior performance, accuracy, durability based on unique Fingerprint Biometric Technology.
• 6:15

  Fingerprint Biometric Access Control

   » ‎ Digg / Security / upcoming
  Access Control is a fingerprint based access control and time attendance system for all kind of office and factory.Tutis Access Control is a fingerprint based access control and time attendance system for all kinds of office and factory premises. Access Control refers to the practice of restricting entrance to a property.
• 5:48

  0-20 minutes Matthews Locksmith

   » ‎ Digg / Security / upcoming
  Matthews Locksmith is a 24 hour locksmith in Matthews NC. Matthews locksmith provides residential, automotive, and commercial services for anyone in need of a Locksmith in Matthews North Carolina.Call us today !! 15-20 minutes response.
• 5:45

  Coming Soon Under Construction 02 4 Skins

   » ‎ Digg / Security / upcoming
  Nice Template
• 5:35

  SafePcAv Infection

   » ‎ Digg / Security / upcoming
  SafePcAv is a rogue program that will be present on computer without users knowledge during a Trojan infection.
• 5:34

  GuardWWW Removal Guide

   » ‎ Digg / Security / upcoming
  GuardWWW is a malware that was originated from rogue program developers and must be removed from computer immediately.
• 5:33

  Tips, Trik, Tutorial: Melindungi keamanan Kartu ATM dan PIN

   » ‎ Digg / Security / upcoming
  Berikut ini tips praktis untuk menjaga dan melindungi keamanan kartu ATM dan PIN ATM anda agar tidak kebobolan.Kartu ATM1. Jangan pinjamkan dompet atau tas anda yang berisi kartu ATM kepada orang yang tidak anda percayai. baca selengkapnya:
• 5:32

  Paladin Antivirus Removal Tool

   » ‎ Digg / Security / upcoming
  Paladin Antivirus is a fake antivirus program that should be remove by this given removal tool.
• 5:30

  Virus.Boot-DOS.V.1526 Removal

   » ‎ Digg / Security / upcoming
  Virus.Boot-DOS.V.1526 is a fake virus detected on a fake virus scan.
• 5:29

  Trojan-BNK.Win32.Keylogger.gen Removal

   » ‎ Digg / Security / upcoming
  Trojan-BNK.Win32.Keylogger.gen is a fake threat detection created by rogue antivirus program.
• 5:28

  Remove Advanced Defender

   » ‎ Digg / Security / upcoming
  Advanced Defender is a rogue security program that must be remove immediately from an infected computer.

• 5:25

  Black Hawk Down

   » ‎ F-Secure Antivirus Research Weblog
  Kudos to the Chinese authorities for shutting down an online hacker training operation known as the Black Hawk Safety Net. The Black Hawk operation, which provides Trojan software and lessons in cyberattack techniques, comprises 12,000 paid subscribers and another 120,000 free members.
  
  Three people who run the Black Hawk’s website have been arrested, and the site has now been blocked from access. The police also seized nine servers, five computers and a car during the raid.
  
  For further details, you can read it at [Yahoo! News]
  

  On 09/02/10 At 03:59 AM

• 5:10

  Phishing

   » ‎ Digg / Security / upcoming
  Phishing is everywhere, or so it seems. Evil phishermen are sitting at their computers as we speak. They await your slightest status update to swoop down and hijack your account, thus gaining access to all your social networking information, and—via your "friends" or followers" list—access to your contacts as well. Horrors!
• 4:24

  Benefits of Opting for Google Pay Per Click Advertising ...

   » ‎ Digg / Security / upcoming
  Benefits of Opting for Google Pay Per Click Advertising Services
• 4:20

  Worst Possible Passwords

   » ‎ Digg / Security / upcoming
  Read all about what not to use when it comes to picking a password.

• 4:20

  Facebook "Cash Scam" Continues to Grow Bigger

   » ‎ digg.com: News / Security / Popular
  Users personal information is revealed through photos, status updates and conversations that are being well documented online. Last week, the Serious Fraud Office of London (SFO) warned that Facebook and Twitter are being used to harvest users’ personal financial details by fraudsters in order to operate "boiler rooms" offshore.

• 4:11

  Analyzing Raw Apache Log Files for Analytics & Security

   » ‎ Digg / Security / upcoming
  Log files provide important access to data on how users interaction with your server, providing valuable information for both security and analytics purposes. The two main types of logs provided by your server are error and access logs. By understanding the meanings of information within these files you can optimize your site accordingly.
• 3:35

  Stripped A Screw? Here's How To Get It Out

   » ‎ Digg / Security / upcoming
  We have all stripped a screw at one time or another. Most of the time we just leave them in place or do not have a need to take them out. Today we're going to get that pesky screw out. There are a couple of methods for removal.
• 3:32

  To Protect and Serve Who?

   » ‎ Digg / Security / upcoming
  Law Enforcement Agencies need greater assistance from Internet Service Providers in fighting cybercrime. Does this really benefit everyone?

• 3:08

  Distributing malware through Facebook

   » ‎ PandaLabs
  People ask me many times how are the bad guys using Facebook to distribute malware. Even though there are multiple answers to that question, at the end of the day Facebook is just another way to communicate, and it has more that 400 million users, so it's just another mean ...

• 3:07

  Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

   » ‎ Securityvulns news channel
  PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Applications: evalsmsi 2.1, LANDesk Management Gateway 4.2, LANDesk Management Gateway 4.0 (08.02.2010)
• 3:07

  Gnome Nautilus code execution

   » ‎ Securityvulns news channel
  HTML script is executed in local machine context on HTML prveiew. (08.02.2010)
• 3:07

  Ipswitch IMail multiple security vulnerabilities

   » ‎ Securityvulns news channel
  Weak permissions for registry and installation folder. Passwords are stored in readable location with reversible encryption. Applications: IMail 11.01 (08.02.2010)
• 3:07

  libmikmod multiple buffer overflows

   » ‎ Securityvulns news channel
  Multiple overflows on Impulse Tracker and Ultratracker format parsing. Applications: libmikmod 3.1 (08.02.2010)

• 3:07

  Bugtraq: [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other
• 3:07

  Bugtraq: RE: Samba Remote Zero-Day Exploit

   » ‎ SecurityFocus Vulnerabilities
  RE: Samba Remote Zero-Day Exploit
• 3:07

  Bugtraq: [ MDVSA-2010:034 ] kernel

   » ‎ SecurityFocus Vulnerabilities
  [ MDVSA-2010:034 ] kernel
• 3:07

  Bugtraq: [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access

• 3:07

  Net Security: Zero-day vulnerabilities on the market

   » ‎ Rootsecure.net
  Net Security: Zero-day vulnerabilities on the market
• 3:07

  The Register: Sweden to prosecute alleged Cisco, NASA hacker

   » ‎ Rootsecure.net
  The Register: Sweden to prosecute alleged Cisco, NASA hacker
• 3:07

  H Security: Vulnerability in Samba provides access to files

   » ‎ Rootsecure.net
  H Security: Vulnerability in Samba provides access to files
• 3:07

  H Security: Infected add-ons found on Mozilla download site

   » ‎ Rootsecure.net
  H Security: Infected add-ons found on Mozilla download site
• 3:07

  The Register: Google doppelganger casts riddle over interwebs

   » ‎ Rootsecure.net
  The Register: Google doppelganger casts riddle over interwebs
• 3:07

  Reuters: China shuts down largest hacker training website "China has closed what it claims to be the largest hacker training website in the country and arrested three of its members"

   » ‎ Rootsecure.net
  Reuters: China shuts down largest hacker training website "China has closed what it claims to be the largest hacker training website in the country and arrested three of its members"
• 3:07

  Slashdot: Paypal Reverses Payments Made To Indians

   » ‎ Rootsecure.net
  Slashdot: Paypal Reverses Payments Made To Indians
• 3:07

  CSO: Why CSOs Should Care About ShmooCon "CSO Senior Editor Bill Brenner on why high-level security execs should pay more attention to a hacker fest like ShmooCon"

   » ‎ Rootsecure.net
  CSO: Why CSOs Should Care About ShmooCon "CSO Senior Editor Bill Brenner on why high-level security execs should pay more attention to a hacker fest like ShmooCon"
• 3:07

  Network World: ShmooCon - P2P Snoopers Know What's In Your Wallet

   » ‎ Rootsecure.net
  Network World: ShmooCon - P2P Snoopers Know What's In Your Wallet
• 3:07

  Computer World: ShmooCon - Inside FarmVille's sinister underbelly

   » ‎ Rootsecure.net
  Computer World: ShmooCon - Inside FarmVille's sinister underbelly
• 3:07

  Wired: 21st-Century Shooters Are No Country for Old Men

   » ‎ Rootsecure.net
  Wired: 21st-Century Shooters Are No Country for Old Men

• 2:49

  IRS Tax Avoidance Scam

   » ‎ Digg / Security / upcoming
  Today, eSoft is alerting customers to a new targeted email scam. This newest twist to the common IRS email scam seems to be targeted to organizations, notifying the recipient of a tax evasion complaint being filed against the company.
• 2:47

  Digital 'Fort Knox' Hacked

   » ‎ Digg / Security / upcoming
  A hacking specialist reveals a weakness that can force heavily secured computers to spill their secrets.

• 2:43

  Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html, (Tue, Feb

   » ‎ SANS Internet Storm Center, InfoCON: green
  ...(more)...

• 2:39

  What freedom? Driver's licenses for the Internet, Part 2

   » ‎ Digg / Security / upcoming
  The conversation about where to draw the line between privacy and security is as old as society itself. I didn't mean to so forcefully insert myself into the middle of that debate when I wrote about a Microsoft executive ruminating on the possibility of driver's licenses for the Internet.

• 2:36

  Oracle Patches Dangerous WebLogic Server Flaw

   » ‎ Ryan Naraine's Security Watch
  Oracle has pushed out an emergency fix for a vulnerability made public on a Website roughly two weeks ago.

  
  

  

• 2:35

  Your PC Matters - Hoax email warning UPS Delivery Problem NR

   » ‎ Digg / Security / upcoming
  The following (or similar) email is currently in circulation and should be ignored. The email also contains an attachment, eg UPS_invoice_Nr19373.zip.Hello!We were not able to deliver the package sent on the 17th of Januar

• 2:33

  [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by CORE Security Technologies Advisories on Feb 08

  Core Security Technologies - CoreLabs Advisory
  [www.coresecurity.com]
  
  Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
  
  1. *Advisory Information*
  
  Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
  Advisory Id: CORE-2010-0121
  Advisory URL:
  [www.coresecurity.com]
  Date published: 2010-02-05
  Date of last update: 2010-02-05...
  

• 2:33

  Adobe apologizes for festering Flash crash bug

   » ‎ The Register - Security
  16 months...and counting

  An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.…

  Web threats: Why conventional protection doesn't work

• 2:29

  [Hacking Event] Night Da Hack 2010 : Call For Proposals

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by m . mahdjoub on Feb 08

  - Night Da Hack 2010
  
  Date: June 19-20 2010
  Time: 4 PM - 7 AM
  Location: Paris, France
  
  What is Night da Hack?
  “Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and
  inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conference.
  
  Around computer security related talks, workshops and contests, Night da Hack aims at bringing...
  

• 2:28

  A New Career Path « Computer Forensics School

   » ‎ Digg / Security / upcoming
  I was laid off one year ago. I have decided to go back to school to learn computer forensics. I will be blogging about my journey for those interested. I will also be seeking help from any readers who have input into any of my plans and goals. Thanks to all who read and support my blog and my continued education.

• 2:25

  Conficker outbreak infects Leeds hospital servers

   » ‎ The Register - Security
  Sicko

  Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week.…

• 2:24

  JDownloader Remote Code Execution

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by Matthias -apoc- Hecker on Feb 08

  -- Product
  
  JDownloader[1] is an open source download manager for One-Click-
  Filehoster like Rapidshare or Megaupload. The Click'n'Load[2] interface
  allows external applications and websites to send URLs to the local
  running JDownloader. With Click'n'Load2 [3] it is possible to sent
  AES-CBC encrypted URLs (for some kind of link 'obfuscation').
  The encrypted payload _and_ key are sent with an HTTP-POST submit on
  localhost port 9666 (default port,...
  

• 2:23

  When is a 0day not a 0day? Samba symlink bad default config, (Tue, Feb 9th)

   » ‎ SANS Internet Storm Center, InfoCON: green
  When is a 0day not a 0day? When the exploit ends up being just a poor default configuration issue. I ...(more)...

• 2:22

  Your PC Matters - Scam email warning: Verify your CUA accoun

   » ‎ Digg / Security / upcoming
  The following (or similar) email is currently in circulation and should be ignored. The email also contains an attachment, eg UPS_invoice_Nr19373.zip.
• 2:16

  Defend your Small Business against Online Bank Fraud

   » ‎ Digg / Security / upcoming
  Is your banking practices putting your business at risk? Protect your small business accounts from cybercriminals. The Wall Street Journal offers the following suggestions for small businesses seeking to ward off an attack:
• 2:14

  Keylogger

   » ‎ Digg / Security / upcoming
  Due to many hijacking activities used public internet service, we as a public internet service owner must be carefully to unknown people who use our computer. Many good tools to watch the activity of your computer, what the use, who is using or how much time it was used but you may not be able to secure the data or to see what data injected to your

• 2:10

  Re: Samba Remote Zero-Day Exploit

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by Stefan Kanthak on Feb 08

  Dan Kaminsky wrote on February 06, 2010 6:43 PM:
  
  OUCH!
  No, creating junctions (as well as the Vista introduced symlinks)
  DOESN'T need admin rights!
  
  [snip]
  
  Stefan
  

• 2:04

  Laptop Encryption Software Not Installed Properly On Stolen

   » ‎ Digg / Security / upcoming
  Two computers were stolen from AvMed Health Plans, compromising the information for nearly 210,000 subscribers and dependents. It sounds like disk encryption was used to protect the laptops; however, there is a fear that "one of the laptops may not have been encrypted properly."
• 2:01

  How to remove Paladin Antivirus fake security program

   » ‎ Digg / Security / upcoming
  Paladin Antivirus is yet another bogus security software. Please removal it from your computer upon detection.
• 1:46

  WebHostBlog - Domain Renewals - The Importance of Renewing Y

   » ‎ Digg / Security / upcoming
  A guide to keeping your domain name upto date, tips for domain renewals.

• 1:40

  Sweden Probing Cisco, NASA Hacks

   » ‎ Wired: Threat Level

  Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.

  Philip Gabriel Pettersson, known in the hacking world as “Stakkato,” allegedly seized computer code that controls internet traffic. After the 2004 breach of Cisco, the proprietary source code for Cisco’s IOS operating system was discovered on a Russian website.

  Pettersson was indicted in the United States in May on five hacking counts, (.pdf) but could not be brought from Sweden to the United States for trial. Sweden does not extradite its own citizens, but said it was examining whether to prosecute him in Sweden after U.S. authorities in San Francisco initiated that request.

  “The intrusions to Cisco Company and NASA are regarded as computer intrusion according to Swedish law,” (.pdf) Swedish prosecutor Chatrine Rudstrom told federal prosecutors in San Francisco, according to documents released Monday.

  Still, Rudstrom told San Francisco federal authorities that Sweden was not guaranteeing it would charge the 21-year-old suspect.

  Petterrson was convicted in 2007 of invading the networks of three Swedish universities and ordered to pay $25,000 in damages. He was 16 at the time of the intrusions.

  Photo: altemark

  See Also:

  • Hacked E-Mails Fuel Global Warming Debate
  • Google Hack Attack Was Ultra Sophisticated, New Details Show …
  • Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
  • Internal Twitter Credentials Used in DNS Hack, Redirect
  • Decision Looms on iPhone Hack
  • 7-Eleven Hack From Russia Led to ATM Looting in New York
  • Web Censor Seeks $2.2 Billion for China Hack

  
  

  

• 1:29

  Re: Samba Remote Zero-Day Exploit

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by Dan Kaminsky on Feb 08

  You need admin rights to create junctions. At that point, path
  constraints aren't relevant, just psexec and get not only arbitrary
  path but arbitrary code.
  
  The fix is to do what everybody with a directory traversal bug has to
  do, block out of path relative directories. In this specific case,
  prevent the creation of symlinks where the target is out of the SMB
  share's range. (Still allow navigation to such symlinks if one exists,...
  

• 1:25

  Paladin Antivirus removal

   » ‎ Digg / Security / upcoming
  How to remove Palladin av
• 1:20

  Free Porn For Women

   » ‎ Digg / Security / upcoming
  I am posting porn. Delete my account. You've got to kick me off because I am blatantly violating the terms of use. *****. See? I am also using foul language. I am sorry to post this foul stuff that I don't like, but I tried to delete my account and digg won't let me. Please delete my account.
• 1:18

  smartstuff4all.blogspot.com: MS Word Trick

   » ‎ Digg / Security / upcoming
  Windows trick - MS Word Trick
• 1:15

  Facebook "Cash Scam" Continues to Grow Bigger

   » ‎ Digg / Security / upcoming
  Users personal information is revealed through photos, status updates and conversations that are being well documented online. Last week, the Serious Fraud Office of London (SFO) warned that Facebook and Twitter are being used to harvest users’ personal financial details by fraudsters in order to operate "boiler rooms" offshore.
• 1:02

  Advanced Defender

   » ‎ Digg / Security / upcoming
  Advanced Defender is a fake security application. Do not trust this scareware.How to remove Advanced Defender ?If your PC is infected with Advanced Defender use MBAM to remove the infection. ( http://www.malwarebytes.org/ )

• 0:55

  Re: Samba Remote Zero-Day Exploit

   » ‎ Bugtraq (bugtraq) Mailing List

  Posted by Kingcope on Feb 08

  Hello Paul,
  
  First and foremost I did not know about the configuration setting which
  closes the bug when i posted the advisory. So this was my mistake.
  But for the most servers which are not entirely hardened (and my
  assumption is that this applies to many servers in internal networks)
  the traversal can be a serious issue, because a samba user (even nobody)
  can create the symlinks. It would in my point of view be more secure to
  only allow...