Archive for September, 2006
Posted in September 30th, 2006
I don’t like self-proclaimed prophets. So, you’ll rarely see me quoting them. I guess my aversion originates in so many presentations where the next [insert application or company here] “killer” will emerge if we invest some money. And yes, I admit I sat on the side of the table talking about a couple of those killer apps myself.
continue reading.....
Posted in September 30th, 2006
Looks like it’s time to click on the Apple in the top left of your screen, then followed by …(more)…
continue reading.....
Posted in September 30th, 2006
Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit (diff)
continue reading.....
Posted in September 30th, 2006
Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit
continue reading.....
Posted in September 30th, 2006
phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities
continue reading.....
Posted in September 30th, 2006
VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability
continue reading.....
Posted in September 30th, 2006
SiteDepth CMS Constants.PHP Remote File Include Vulnerability
continue reading.....
Posted in September 30th, 2006
PADL Software MigrationTools Insecure Temporary File Creation Vulnerability
continue reading.....
Posted in September 30th, 2006
CScope Cscope.Lists Multiple Buffer Overflow Vulnerabilities
continue reading.....
Posted in September 30th, 2006
Virtual Bridges Announces Win4BSD
continue reading.....
Posted in September 30th, 2006
Regarding Windows Vista’s I/O
continue reading.....
Posted in September 30th, 2006
Gartner: Linux Not About to Do Damage to Windows
continue reading.....
Posted in September 29th, 2006
Scientists are getting close to creating a controversial vaccine against nicotine addiction.
continue reading.....
Posted in September 29th, 2006
In this week’s entry we’ll look at two more “live” CDs of Linux systems optimized for multimedia creation and performance. I’ve been having a great time with these systems, and I hope that my mini-profiles inspire you to try them all. They’re a great way to introduce someone to Linux, they show off the system optimized for multimedia performance and they provide a wealth of high-quality sound and music software to exploit that system. They all include the standard cornucopia of applications for the mundane tasks, word processing, text editing, graphics, networking, and so on. All that, for the cost of a download and a disc.
continue reading.....
Posted in September 29th, 2006
As Congress debates torture and detention for suspected terrorists, you can see what waterboarding is all about.
continue reading.....
Posted in September 29th, 2006
TSLSA-2006-0054 – multi
continue reading.....
Posted in September 29th, 2006
Secunia Research: Joomla BSQ Sitestats Component Multiple Vulnerabilities
continue reading.....
Posted in September 29th, 2006
FreeBSD Security Advisory FreeBSD-SA-06:23.openssl [REVISED]
continue reading.....
Posted in September 29th, 2006
[MajorSecurity Advisory #28]ConPresso CMS – Multiple Cross Site Scripting and SQL Injection Issues
continue reading.....
Posted in September 29th, 2006
Integrate Thunderbird with Active Directory
To integrate Thunderbird with AD, you must already have installed and configured Kerberos and Samba so that you can use the net ads command.
There is a lot of documentation out there to get you to that point. I will just highlight the main points for the sake of completeness.
continue reading.....
Posted in September 29th, 2006
Kevin Shea wrote in to report:
Yesterday morning (9/27) when dropping off my son at school, I told …(more)…
continue reading.....
Posted in September 29th, 2006
Haxdoor rootkit-equipped backdoors are widely used – in the “Rechnungen” and “Räkningen” spam runs in Germany and Sweden for example.

These changing Haxdoor variants are generated with a toolkit known as “A-311 Death”.
The toolkit itself is sold on the Internet by its author, known as “Corpse” or “Korpsov”.
Now, people who use such backdoors quickly collect a lot of information from infected computers. Information such as passwords, credit cards, and bank logons. Some of these attackers filter the logs they collect to find juicy information and then use it themselves. Others grep the data for e-mail addresses (to sell them to spammers) and for credit card numbers and bank logins (to sell them to fraudsters).
Then again, others take the easy way out and end up selling the logs as they are, by the megabyte. Here’s a screenshot from one forum:
On 29/09/06 At 11:42 AM
continue reading.....
Posted in September 29th, 2006
Okay, non-interview stuff first. I’ve recently picked up several ‘shortcuts’ from O’Reilly and Addison-Wesley. I love this format. For about 10 bucks, you can get a PDF only copy of a 50-100 page “book”. The shortcuts (so far at least) have been very focused, which allows them to cover a reasonable topic in sufficient depth without creating a monstrous 600+ page tome. The shortcuts I’ve looked at so far have been timely, useful, and a great value. October marks the beginning of Apress’ push into Ruby and Ruby on Rails. Apress also has Practical OCaml coming out soon to help soothe your inner functional programmer. Now, on to interview news!
continue reading.....
Posted in September 29th, 2006
I had a pretty sincere E-mail for help in my inbox this morning, and with the person’s permission I am reposting it here:
Chief,
I just got a promotion at work. It’s not really work work, I was put in charge of the computer labs at my university. The previous network manager apparently didn’t understand the basic concepts of security because these machines are wide open to numerous attacks. I’ve read your blog for the past few years and I pulled a couple of tools off of the internet tha
continue reading.....
Posted in September 29th, 2006
Tech News World: Contactless Cards – Are Privacy Jitters Legit? “Nothing is being done with RFID that isn’t already being done with credit cards today, say defenders of the technology”
continue reading.....
Posted in September 29th, 2006
Computer World: Computer crime laws worry security pros “The U.K. and Germany are among the countries considering revisions to their computer crime laws”
continue reading.....
Posted in September 29th, 2006
Engadget: Viodentia responds to Microsoft, releases FairUse4WM 1.3 “lawsuit is a fishing expedition to get identity information, which can then be used to either bring more targeted lawsuits, or to cause other trouble”
continue reading.....