The Register - Security Last Downloaded: Sat, 04 Sep 2010 12:33:03 GMT.   Nigerian man gets 12 years for $1.3m 419 scam   Hunting 'mugu' in America A Nigerian man has been sentenced to more than 12 years in US prison for orchestrating an advance payment scam that bilked victims out of more than $1.3m.…   Spammers latch onto Ping to pump iPhone survey scams   Quick off the mark Spammers have been quick off the mark in exploiting Apple's new iTunes social network to punt survey scams.…   Symantec Snoop Dogg rap contest site rickrolled   #hackiswacked Symantec's attempts to link up with Snoop Dogg to launch a cybercrime rap contest have descended into farce after it emerged that vulnerabilities with a dedicated site can be easily rickrolled.…   Phone bugging scandal reignited as NotW suspends reporter   The story that refuses to die New allegations of phone hacking at the News of the World have resulted in the suspension of one of the Sunday paper's reporters, pending legal and disciplinary action over allegations of tapping into the voicemail messages of an unnamed television personality.…   Microsoft freshens retro code lock-down tool   Teaching old apps new tricks Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities.…   iTunes update plugs WebKit flaw   Ping-pong The latest version of iTunes for Windows addresses 13 security vulnerabilities, as well as adding much-publicised social networking functionality.…   Symantec and Snoop Dogg launch cybercrime rap contest   Now thass geekster Symantec has teamed up with rapper Snoop Dogg to launch a cybercrime rap contest.…   Cyber-jihadists deface home of teddy bears' picnic   Get their Belvoirs mixed up Geographically mixed-up Algerian hackers made themselves look rather silly by defacing the website of an English stately home instead of Belvoir Fortress in Israel, their intended target.…   Feds crack phone clone scam that cost Sprint $15m   More than 10,000 accounts spoofed Federal prosecutors have uncovered a scam that used tens of thousands of cloned cellphones to defraud Sprint out of $15m in lost long distance revenue.…   Microsoft releases FixIt for critical flaw in 100 apps   Relief for Firefox, Nvidia, PowerPoint Microsoft has released a software tool that helps system administrators protect PCs against a critical class of vulnerabilities found in more than 100 applications from a variety of software makers.…   Survey scammers serve up supposed shelter from survey scams   Kind of ironic when you think about it Cheeky scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams.…   Russian cops cuff 10 ransomware Trojan suspects   Cybercrime gang allegedly raked in $16m Russian police have arrested 10 suspected members of a ransomware gang who allegedly made millions via a locked computer malware scam.…   Hardware hackers defeat quantum crypto   Tripping the light fantastic Security researchers using hardware hacking techniques have unearthed generic flaws in supposedly ultra-secure quantum cryptography systems.…   CarderPlanet founder charged in $9.4m RBS WorldPay hack   And then there were nine A man accused of being one of the most prolific sellers of credit-card data has been charged with participating in the brazen hack of RBS WorldPay in 2008 that funneled about $9.4m out of the payment processor in just 12 hours.…   Judge bashes warrantless cellphone tracking   Tower data protected by Fourth Amendment A federal magistrate has ruled that information pulled from cellphone towers provides such an intimate portrait of a customer's life that government investigators must get a warrant before obtaining it.…   Fake TweetDeck update lures prompt password resets   Are UK hackers behind Trojan horse attack? Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package.…   Crooks said swiped church funds were for sex crime victims   It was simply resting in their account Scammers who made off with $600,000 after breaking into the bank account of a Catholic diocese claim the funds have been earmarked for the victims of paedophile priests.…   Scotch tape maker buys biometric tech firm   Wrap up Updated Industrial conglomerate 3M has agree to buy biometric security firm Cogent Systems in a deal valued at $943m.…   E-voting critic released on bail (finally)   'No offence disclosed' A computer scientist who exposed serious vulnerabilities in India's electronic voting machines was released on bail over the weekend after seven days in police custody.…   Apple QuickTime backdoor creates code-execution peril   Getting punked by 9-year-old parameter A security researcher has unearthed a “bizarre” flaw in Apple's QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of operating system.…

SecurityFocus News Last Downloaded: Sat, 04 Sep 2010 12:33:04 GMT.   News: Change in Focus  Change in Focus   News: Twitter attacker had proper credentials  Twitter attacker had proper credentials   News: PhotoDNA scans images for child abuse   PhotoDNA scans images for child abuse >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: Conficker data highlights infected networks  Conficker data highlights infected networks   Brief: Google offers bounty on browser bugs  Google offers bounty on browser bugs   Brief: Cyberattacks from U.S. "greatest concern"   Cyberattacks from U.S. "greatest concern" >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Brief: Microsoft patches as fraudsters target IE flaw  Microsoft patches as fraudsters target IE flaw   Brief: Attack on IE 0-day refined by researchers  Attack on IE 0-day refined by researchers   News: Monster botnet held 800,000 people's details   Monster botnet held 800,000 people's details >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   News: Google: 'no timetable' on China talks  Google: 'no timetable' on China talks   News: Latvian hacker tweets hard on banking whistle  Latvian hacker tweets hard on banking whistle   News: MS uses court order to take out Waledac botnet   MS uses court order to take out Waledac botnet >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Infocus: Enterprise Intrusion Analysis, Part One  Enterprise Intrusion Analysis, Part One   Infocus: Responding to a Brute Force SSH Attack  Responding to a Brute Force SSH Attack   Infocus: Data Recovery on Linux and ext3   Data Recovery on Linux and <i>ext3</i> >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Infocus: WiMax: Just Another Security Challenge?  WiMax: Just Another Security Challenge?   Gunter Ollmann: Time to Squish SQL Injection  Time to Squish SQL Injection   Mark Rasch: Lazy Workers May Be Deemed Hackers   Lazy Workers May Be Deemed Hackers >> Advertisement << Can you answer the ERP quiz? These 10 questions determine if your Enterprise RP rollout gets an A+. http://www.findtechinfo.com/as/acs?pl=781&ca=909   Adam O'Donnell: The Scale of Security  The Scale of Security   Mark Rasch: Hacker-Tool Law Still Does Little  Hacker-Tool Law Still Does Little

Latest Security Files/Exploits

Packet Storm Security Last 20 Last Downloaded: Sat, 04 Sep 2010 12:33:04 GMT.   ie8-forcedtweet.txt  Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site the ability to force a victim to make tweets.   smbind-sql.txt  SMBind versions 0.4.7 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.   pligg104-sql.txt  Pligg version 1.0.4 suffers from additional remote SQL injection vulnerabilities outside of the previously discovered findings.   moaub03-trendmicro.pdf  Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability.   moaub03-visinia.pdf  Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities.   googlechrome-corruption.txt  VUPEN Vulnerability Research Team discovered a high risk vulnerability affecting Google Chrome. The vulnerability is caused by a memory corruption error when processing focus events, which could be exploited by remote attackers to potentially execute arbitrary code by tricking a user into visiting a specially crafted web page. Google Chrome versions prior to 6.0.472.53 are affected.   moaub-visinia.txt  Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities.   moaub-trendmicro.txt  Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability.   dsa-2102-1.txt  Debian Linux Security Advisory 2102-1 - It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.   HPSBMA02572-SSRT100082.txt  HP Security Bulletin - A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code.   MDVSA-2010-170.txt  Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a.wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.   glsa-201009-01.txt  Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.   onecms-xss.txt  OneCMS version 2.6.1 suffers from a cross site scripting vulnerability.   path-attacks.txt  Whitepaper called PATH Attacks. Written in German.   moaub02-apple.pdf  Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.   moaub02-rainbow.pdf  Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.   webmanagerpro-sql.txt  CMS WebManager-Pro suffers from a remote SQL injection vulnerability.   suricata-1.0.2.tar.gz  Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.   checksum-shellcode.txt  This shellcode is an egg hunter checksum routine.   USN-982-1.txt  Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.

milw0rm.com Last Downloaded: Sat, 07 Aug 2010 00:56:54 GMT.   BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2     Joomla com_mytube (user_id) Blind SQL Injection Exploit     Joomla com_jinc (newsid) Blind SQL Injection Vulnerability     Snort < 2.8.5 Unified1 Output Denial of Service Exploit     WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities     Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities     ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability     CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability     cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit     Winplot (.wp2 File) Local Buffer Overflow Exploit

powered by zFeeder