[ MDKSA-2006:217-1 ] – Updated proftpd packages fix vulnerabilities

continue reading.....

[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities


>> Advertisement <<

ALERT: “How A Hacker Launches A Blind SQL Injection Attack Step-by-Step”!” – White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=701600000004c29

continue reading.....

OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.

continue reading.....

continue reading.....

The ‘Seinfeld’ comedian still hasn’t repented for his racist gaffes at the Laugh Factory.

continue reading.....

If Bush dares to move militarily against Iran, we will become mired in a bloody conflict that will know no borders.

continue reading.....

If Bush dares to move militarily against Iran, we will become mired in a bloody conflict that knows no borders.

continue reading.....

PHP has mail() function to send an email to users. However this mail() will not work:
=> If sendmail (or compatible binary) is not installed
=> If Apache Web server / Lighttpd running in chrooted jail
=> And your smtp server needs an authentication before sending an email
In all these cases you need to use PHP PEAR’s Mail:: [...]

continue reading.....

Posted by iDefense Labs on Nov 30

continue reading.....

Posted by Peter Thoeny on Nov 30

continue reading.....

I have finally opened the Presentations section on the site, so now all my presentations can be freely accessed and downloaded. My latest presentation is on the Shellcode Evolution topic, it’s already being uploaded and can be viewed here

continue reading.....

[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution

continue reading.....

It seems finally someone has found a flaw in the way Tor works, a way to beat it and find out who is using the system.
Perhaps an end to the most anonymous system on the Internet?
I got this info fresh from SANS.

One of our readers sent in a very worr…

continue reading.....

Evince is a document viewer for multiple document formats. It currently supports pdf, postscript, djvu, tiff and dvi. The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop with a single simple application.

continue reading.....

Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system.

continue reading.....

Tuesday’s Weblog post sought your suggestions – and we received lots of them. Thanks to all of you! Great responses.

And now — We have the next round as selected by the Lab during lunch. Your vote in this poll will help select the finalists.

On 30/11/06 At 02:31 PM

continue reading.....

There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used verified phishing URLs and legitimate URLs to test the effectiveness of 10 popular antiphishing toolbars. Overall, we found that the anti-phishing toolbars that were examined in this study left a lot to be desired. SpoofGuard did a very good job at identifying fraudulent sites, but it also incorrectly identified a large fraction of legitimate sites as fraudulent. EarthLink, Google, Netcraft, Cloudmark, and Internet Explorer 7 identified most fraudulent sites correctly and had few, if any, false positives, but they still missed more than 15% of fraudulent sites. The TrustWatch, eBay, and Netscape 8 toolbars could correctly identify less than half the fraudulent sites, and McAfee SiteAdvisor did not correctly identify any fraudulent sites. Many of the toolbars we tested were vulnerable to some simple exploits as well. In this paper we describe the anti-phishing toolbar test bed we developed, summarize our findings, and offer observations about the usability and overall effectiveness of these toolbars. Finally, we suggest ways to improve anti-phishing toolbars.

continue reading.....

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability.

continue reading.....

Apple Releases Security Update to Address Multiple Vulnerabilities

continue reading.....

Apple Releases Security Update to Address Multiple Vulnerabilities

continue reading.....

Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability


>> Advertisement <<

ALERT: “How A Hacker Launches A Blind SQL Injection Attack Step-by-Step”!” – White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=701600000004c29

continue reading.....

[USN-388-1] KOffice vulnerability

continue reading.....

SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability

continue reading.....

[USN-389-1] GnuPG vulnerability

continue reading.....

Computer World: E-passport security? Depends on the country “U.K., Germany report cracks; New Zealand steady; U.S. goes boom”

continue reading.....

VNU Net: M&S tests RFID delivery for suppliers “Retailer fast tracks product delivery”

continue reading.....

Network World: Report – Thousands lose cell phones, PDAs and other gadgets in taxis “Good news is that most items are reclaimed”

continue reading.....

Security Tracker: Adobe Acrobat Buffer Overflow in ‘AcroPDF.dll’ ActiveX “May Let Remote Users Execute Arbitrary Code”

continue reading.....

Simple scanning script that attempts to find ADSL router modems.

continue reading.....

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

continue reading.....