Archive for November, 2006
Posted in November 30th, 2006
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities
continue reading.....
Posted in November 30th, 2006
[ MDKSA-2006:217-1 ] – Updated proftpd packages fix vulnerabilities
continue reading.....
Posted in November 30th, 2006
OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.
continue reading.....
Posted in November 30th, 2006
If Bush dares to move militarily against Iran, we will become mired in a bloody conflict that knows no borders.
continue reading.....
Posted in November 30th, 2006
If Bush dares to move militarily against Iran, we will become mired in a bloody conflict that will know no borders.
continue reading.....
Posted in November 30th, 2006
The ‘Seinfeld’ comedian still hasn’t repented for his racist gaffes at the Laugh Factory.
continue reading.....
Posted in November 30th, 2006
PHP has a mail() function for sending email to users. However, mail() will not work:
=> If sendmail (or a compatible binary) is not installed
=> If the Apache web server / Lighttpd is running in a chrooted jail
=> If your SMTP server requires authentication before sending an email
In all these cases you need to use PHP PEAR’s Mail:: [...]
continue reading.....
Posted in November 30th, 2006
Posted by iDefense Labs on Nov 30
continue reading.....
Posted in November 30th, 2006
Posted by Peter Thoeny on Nov 30
continue reading.....
Posted in November 30th, 2006
I have finally opened the Presentations section on the site, so now all my presentations can be freely accessed and downloaded. My latest presentation is on the Shellcode Evolution topic, it’s already being uploaded and can be viewed here
continue reading.....
Posted in November 30th, 2006
[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution
continue reading.....
Posted in November 30th, 2006
It seems finally someone has found a flaw in the way Tor works, a way to beat it and find out who is using the system.
Perhaps an end to the most anonymous system on the Internet?
I got this info fresh from SANS.
One of our readers sent in a very worr…
continue reading.....
Posted in November 30th, 2006
Evince is a document viewer for multiple document formats. It currently supports pdf, postscript, djvu, tiff and dvi. The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop with a single simple application.
continue reading.....
Posted in November 30th, 2006
Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system.
continue reading.....
Posted in November 30th, 2006
Tuesday’s Weblog post sought your suggestions – and we received lots of them. Thanks to all of you! Great responses.
And now — We have the next round as selected by the Lab during lunch. Your vote in this poll will help select the finalists.
On 30/11/06 At 02:31 PM
continue reading.....
Posted in November 30th, 2006
There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used verified phishing URLs and legitimate URLs to test the effectiveness of 10 popular antiphishing toolbars. Overall, we found that the anti-phishing toolbars that were examined in this study left a lot to be desired. SpoofGuard did a very good job at identifying fraudulent sites, but it also incorrectly identified a large fraction of legitimate sites as fraudulent. EarthLink, Google, Netcraft, Cloudmark, and Internet Explorer 7 identified most fraudulent sites correctly and had few, if any, false positives, but they still missed more than 15% of fraudulent sites. The TrustWatch, eBay, and Netscape 8 toolbars could correctly identify less than half the fraudulent sites, and McAfee SiteAdvisor did not correctly identify any fraudulent sites. Many of the toolbars we tested were vulnerable to some simple exploits as well. In this paper we describe the anti-phishing toolbar test bed we developed, summarize our findings, and offer observations about the usability and overall effectiveness of these toolbars. Finally, we suggest ways to improve anti-phishing toolbars.
continue reading.....
Posted in November 30th, 2006
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability.
continue reading.....
Posted in November 30th, 2006
Apple Releases Security Update to Address Multiple Vulnerabilities
continue reading.....
Posted in November 30th, 2006
Apple Releases Security Update to Address Multiple Vulnerabilities
continue reading.....
Posted in November 30th, 2006
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability
continue reading.....
Posted in November 30th, 2006
[USN-388-1] KOffice vulnerability
continue reading.....
Posted in November 30th, 2006
Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability
continue reading.....
Posted in November 30th, 2006
[USN-389-1] GnuPG vulnerability
continue reading.....
Posted in November 30th, 2006
Computer World: E-passport security? Depends on the country “U.K., Germany report cracks; New Zealand steady; U.S. goes boom”
continue reading.....
Posted in November 30th, 2006
Simple scanning script that attempts to find ADSL router modems.
continue reading.....
Posted in November 30th, 2006
Tiny utility for supplying user-defined environment variables of a defined size. Used as an aid in auditing binaries that rely on environment variables.
continue reading.....