The Register - Security Last Downloaded: Thu, 21 Aug 2008 18:32:02 GMT.   Dabs.com founder accused of attempted rape, drugs offences   Remanded in custody The founder of Dabs.com, David Atherton, has been charged with attempted rape and possession of Class A drugs.…   Opera update draws the curtain on seven security vulns   Keeping schtum on XSS bug details, though Opera users should upgrade their browser software following the discovery of multiple security bugs.…   UK fraudster gang go PIN sniffing   Portsmouth Asda links to credit card hack Analysis The organised tampering of PIN entry devices to commit credit card fraud, which led to arrests in Birmingham last week, has been linked to a breach in an Asda store on the outskirts of Portsmouth.…   Microsoft's IE 8 puts giant web hole on notice   Tell us if you've heard this one before? Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites.…   Googlephone security team seeks bug hunters   Android needs You Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform.…   Gag order lifted for students who hacked subway card   MIT students free to discuss gaping holes Three Massachusetts Institute of Technology undergraduates are once again free to publicly discuss gaping security holes in the Boston subway system after a federal judge refused to renew a gag order requested by transportation officials.…   Mystery Fedora disruption prompts security fears   Did security breach prompt ground-up rebuild? The majority of servers supporting the Fedora Linux distribution were back online on Tuesday following a mystery disruption.…   Goldfish customers sent wrong bills   'We're sorry about that. We're sorry about that' A printing mix-up resulted in thousands of Goldfish credit card customers receiving other people's bills.…   Vodafone exec stabbed to death in country home   Man questioned Police are questioning a man following the murder of a senior Vodafone UK executive on Saturday.…   Symantec nabs PC Tools for added street cred   G'day to added anti-spyware Security and storage giant Symantec has agreed to buy specialist Australian-based anti-spyware firm PC Tools. Terms of the deal were undisclosed in Monday's announcement.…   'Malvertizement' epidemic visits house of Newsweek.com   Symptoms felt 'all over the net' Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.…   Pirated movie downloads offered as Zango sweetener   Holy warez, Batman Zango affiliates are offering gateway access to pirated films, including the Hollywood blockbuster The Dark Knight, in a bid to induce users into accepting adware.…   Cisco plugs online meeting bug   Buffer buffed Cisco has plugged a buffer overflow flaw involving its popular WebEx online meeting client.…   GlobalSign revokes cert of rogue security app   Certified malware exposes shortcomings of digital certificates GlobalSign has revoked the digital certificate of a rogue security application, which acquired the veneer of respectability by parading the credentials while trying to scam users.…   Mystery web attack hijacks your clipboard   No, Macs are not immune A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.…   Microsoft ramps up vuln ActiveX controls cull   Third-party fire and exploit block This week's Patch Tuesday update was nearly as difficult to digest as a Michael Phelp's breakfast. It contained 11 bulletins covering 26 underlying vulnerabilities, the most in two years.…   Murdered Chinese students linked to online betting scam   Forum threats over football bets The two Chinese Newcastle University graduates murdered last weekend could be linked to a complex web betting scam, Northumbrian Police believe.…   Home Office reaches half-way hash in secure data handling   Encryption bureau to operate like internal post office Analysis The UK Home Office has introduced procedures to handle encrypted personal data from external partners. However, guidelines on how the new Home Office Central Cryptography service will work raise concerns about possible shortcomings with the service which, while a big improvement, falls below best practice in sectors such as banking.…   Judge refuses to lift order squelching students' subway card hack   Can't get no relief A federal judge has refused to strike down an order gagging three Massachusetts Institute of Technology undergraduates from discussing gaping security holes in electronic payment systems used by Boston's transit agency.…   Bear prints found on Georgian cyber-attacks   Shots by both sides Security researchers claim to have uncovered evidence pointing to a link between Russian state-run businesses and cyber-attacks against Georgia.…

SecurityFocus News Last Downloaded: Thu, 21 Aug 2008 18:07:12 GMT.   News: Researchers race to zero in record time  Researchers race to zero in record time   News: Gov't charges alleged TJX credit-card thieves  Gov't charges alleged TJX credit-card thieves   News: Poisoned DNS servers pop up as ISPs patch   Poisoned DNS servers pop up as ISPs patch >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: E-Gold pleads guilty to money laundering  E-Gold pleads guilty to money laundering   Brief: States seek workarounds for e-voting systems  States seek workarounds for e-voting systems   Brief: Judge nixes gag order against MIT students   Judge nixes gag order against MIT students >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Brief: P2P investigation leads to child-porn busts  P2P investigation leads to child-porn busts   Brief: U.K. response team releases Net security guide  U.K. response team releases Net security guide   News: TJX employee fired for exposing shoddy security   TJX employee fired for exposing shoddy security >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: Thoughts of a Teenage Bot Master  Thoughts of a Teenage Bot Master   News: Radio Free Europe hit by DDoS attack  Radio Free Europe hit by DDoS attack   News: Flash vuln fells Vista   Flash vuln fells Vista >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: Nigeria enlists Microsoft to fight spam scammers  Nigeria enlists Microsoft to fight spam scammers   News: Cross-Site Scripting Worm Hits MySpace  Cross-Site Scripting Worm Hits MySpace   News: Another data security bill in the works   Another data security bill in the works >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: FTC sues company over spyware  FTC sues company over spyware   Infocus: Blocking Traffic by Country on Production Networks  Blocking Traffic by Country on Production Networks   Infocus: Integrating More Intelligence into Your IDS, Part 2   Integrating More Intelligence into Your IDS, Part 2 >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Infocus: Integrating More Intelligence into Your IDS, Part 1  Integrating More Intelligence into Your IDS, Part 1   Infocus: A Guide to Different Kinds of Honeypots  A Guide to Different Kinds of Honeypots

Latest Security Files/Exploits

Packet Storm Security Last 20 Last Downloaded: Thu, 21 Aug 2008 16:06:39 GMT.   MDVSA-2008-177.txt  Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.   MDVSA-2008-176.txt  Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.   MDVSA-2008-175.txt  Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.   surveywizard-sql.txt  Survey Wizard suffers from a remote SQL injection vulnerability.   dxshopcart-sql.txt  DXShopCart version 4.30mc suffers from a remote SQL injection vulnerability.   faqman-sql.txt  FAQ Management suffers from a remote SQL injection vulnerability.   CORE-2008-0813.txt  Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.   CORE-2008-0624.txt  Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.   simasycms-sql.txt  Simasy CMS suffers from a remote SQL injection vulnerability.   sipwitch-0.3.0.tar.gz  GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.   webeditioncms-sql.txt  WebEdition CMS remote blind SQL injection exploit.   phpbazar-sql.txt  phpBazar version 2.0.2 suffers from a remote SQL injection vulnerability.   DirBuster-0.11-src.tar.bz2  DirBuster is a multi-threaded java application designed to brute force directories and files names on web/application servers.   toorconCFP2008.txt  ToorCon X Call For Papers - Papers and presentations are being accepted for ToorCon X to be held at the Convention Center in San Diego, CA from September 24th through the 25th.   folderlock-disclose.txt  Folder Lock versions 5.9.5 and below suffer from a local password information disclosure vulnerability.   pars4u-sqlxss.txt  Pars4U Videosharing version 1 cross site scripting and remote blind SQL injection exploit.   collabreate-defcon.tgz  CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.   Grendel-Scan-v1.0-src.zip  Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.   voiper-0.06.tar.gz  VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxiliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development.   modscan.py.txt  ModScan is a new tool designed to map a SCADA MODBUS TCP based network. The tool is written in python for portability and can be used on virtually any system with few required libraries.

powered by zFeeder