Oracle released its quarterly Critical Patch Update today. This quarterly update contains 45 new sec …(more)…
.::anti-abuse.com::.
Security Revealed
Archive for July, 2007
Couple ISC site updates, (Tue, Jul 17th)
Posted in July 18th, 2007
The page which allows you for new diary notifications was broken and is now fixed again (see http:// …(more)…
Comments Off
Reporting firewall logs, (Tue, Jul 17th)
Posted in July 18th, 2007
We got a couple of users forwarding firewall logs to the handlers\at/sans.org e-mail address …(more)…
Comments Off
Symantec False-Positive on Filezilla, NASA World Wind, (Mon, Jul 16th)
Posted in July 17th, 2007
It appears that Symantec’s anti-virus definitions (July 15th, rev 2) had a false positive on Filezil …(more)…
Comments Off
SecurityMonkey Found Guilty On All Counts
Posted in July 16th, 2007
It’s true, I’m completely guilty.
Last week I published a story that Scrap shared with me about a student in his class causing problems.
The story was immediately plastered at digg.com and reddit.com and shot up through the rankings like crazy.
Vincent, a f
Comments Off
Microsoft Patch support not Free?, (Sun, Jul 15th)
Posted in July 15th, 2007
We got reactions to some of our previous stories that some of the patch support relating to the rece …(more)…
Comments Off
Symantec Backup Exec for Windows Server, (Fri, Jul 13th)
Posted in July 13th, 2007
An advisory has been issued by Symantec for their Backup Exec product. According to the adviso …(more)…
Comments Off
Sunbelt Software Releases Patch for Ninja Email , (Fri, Jul 13th)
Posted in July 13th, 2007
Sunbelt Software has announced the availability of a patch to fix the problems that have occurred wi …(more)…
Comments Off
Strange Round of EMails , (Fri, Jul 13th)
Posted in July 13th, 2007
We have received a number of reports from our readers indicating that they are receiving a large amo …(more)…
Comments Off
Java Run Time Advisory Issued, (Fri, Jul 13th)
Posted in July 13th, 2007
According to an article on line at ZDNet there is yet another potential problem with Java.
ne …(more)…
Comments Off
Nduja Connection: A cross webmail worm (XWW)
Posted in July 13th, 2007
Recently we were contacted by Rosario Valotta who shared his latest research paper and a proof of concept of what he defines to be a cross webmail worm (XWW). Rosario implemented the worm in order to demonstrate its significant negative impact that could have on unaware users of famous webmail providers which are vulnerable to XSS. He named the worm "Nduja connection".
Comments Off
Paper: A PoC of a cross webmail worm (XWW), called “Nduja connection”
Posted in July 13th, 2007
A PoC of the first cross webmail worm (XWW) called "Nduja connection". This paper is a very interesting read, supported by a very nice video demonstration of the worm.
Comments Off
MS07-036 Revised, (Fri, Jul 13th)
Posted in July 13th, 2007
This patch was initially only for office on windows, however some MAC users of office may have …(more)…
Comments Off
Im In Your Leenucks Box Changing Your Password
Posted in July 13th, 2007
So I’m having a conversation on the phone with Scrap this morning and he relayed this little story from his adventures as a professor of information security studies at a local school. I’m going to share this story with you and include my usual warning and disclaimer: Put your beverage down. Do not attempt to drink beverage while reading this. SecurityMonkey is not responsible for liquids spilled in your keyboard or all over your screen!
Scrap tells the story…
So I’
Comments Off
Anti Forensics: Making Computer Forensics Hard
Posted in July 12th, 2007
The linked paper explains how Anti Forensics are currently being conducted by hackers, what methods they have of hiding information and what the future holds in this field.
Comments Off
MS07-040: .NET update trouble, (Thu, Jul 12th)
Posted in July 12th, 2007
It seems there are a number of readers struggling with the MS07-040 patch for the .NET framework on …(more)…
Comments Off
A patchy kind of day, (Wed, Jul 11th)
Posted in July 12th, 2007
Black Tuesday, Reboot Wednesday, , lets all distribute patches and vulnerability information T …(more)…
Comments Off
1 Banana, 2 Banana, 3 Banana… Floor!
Posted in July 11th, 2007
Pand0ra sent me this story that had me shaking my head and laughing my monkey arse off at the same time!
Take it away Pand0ra…
So I heard about an incident at work here the other day when my co-worker forward me this message.
Problem: The main server power grid went down at the X data center, causing various devices to go down. Once the power was restored, many of the systems were not able to recover on their own, including the Storage Area Network (SAN).
Cause Category: Hum
Comments Off
Are You The Key Master?
Posted in July 11th, 2007
This last couple of months have been nothing but challenges for this monkey.
Update:
- Paws are darn near 100% but I’m not pushing them.
- During my many doctor visits for the paws a few other items came up that I’m tackling right now. Nothing life threatening, however I’m in bed very early every night and sleeping for at least 8 hours a night (doctor’s orders – complete with meds!). Apparently the human-chimp hybrid body needs sleep or something. Whatever.
- I’m preparing for BlackHat
Comments Off
Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One)
Posted in July 11th, 2007
Several security vulnerabilities have been found in ISS’s Proventia appliance, these vulnerabilities allow remote attackers to cause cross site scripting vulnerabilities in their user interface, cause the PHP scripts running on the server to include remote files as well as due to the usage of old OpenSSH (and in compatibility mode) to allow brute forcing of usernames and passwords with a timing attack.
Comments Off
PyFault – Python Based Fault Injection in Win32 Based Application
Posted in July 11th, 2007
Comments Off
IE vs. FF, (Tue, Jul 10th)
Posted in July 11th, 2007
No, I’m not restarting the browser wars. They have been fought and lost …(more)…
Comments Off
WinPcap local privilege escalation, (Tue, Jul 10th)
Posted in July 11th, 2007
An exploit has been made public for a privilege escalation in WinPcap, a DLL used by many security t …(more)…
Comments Off
The ever morphing Storm, (Mon, Jul 9th)
Posted in July 9th, 2007
Readers has been reporting emails with subjects such as:
Spyware Detected!
Malware Alert …(more)…
Comments Off
Evil Google Ads, (Sun, Jul 8th)
Posted in July 9th, 2007
Robert sent us some nice analysis earlier today about some hostile ads he discovered at Google.nbsp …(more)…
Comments Off
Yahoo Follow-up, (Sun, Jul 8th)
Posted in July 8th, 2007
On Friday we reported that there were connectivity issues with Yahoo. Initially we thought tha …(more)…
Comments Off
PayPal XSS adventure has finally come to an end
Posted in July 8th, 2007
What is wrong with PayPal lately? I am a bit surprised that PayPal was until yesterday vulnerable to that XSS vuln which was submitted by 142TeeTH on the 22th of June… Until early today, no prompt action was taken whatsoever by PayPal. Discovering security vulnerabilities in the largest online payment processor was never too easy – even underestimated ones like XSS.
Comments Off
Advertisments
Popular Tags
Recent Entries
- Ubuntu more “commercial”, but always free …
- Silicon Valley Can Do Better Than Facebook
- The pi pad
- Labor Struggles, Then and Now: Workers in One Iowa Town Epitomize the Past and Present of the Labor Movement
- The Perfect Desktop – Ubuntu Studio 12.04
- Introducing Our 2012 Disrupt NYC Hackathon Winners: Thingscription, PoachBase, And Practikhan!
- iPhone charger teardown shows astounding miniaturization.
- Vuln: Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
- 12 More Enlightening Free Linux Books
- Building a 6502 in Minecraft
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jun | Aug » | |||||
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
Subscribes
Meta
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- August 2005
- July 2005
- June 2005
- May 2005
- January 2005
- November 2004
- October 2004
- September 2004
- October 2002
- December 2001
- January 1970
- December 1969
Also
rss
- SANS Internet Storm Center, InfoCON: green
- SANS Internet Storm Center, InfoCON: green
- (IN)SECURE Magazine Notifications RSS
- 0DayCar
- A Day in the Life of an Information Security Investigator
- Advisory Files ≈ Packet Storm
- Advisory Files ≈ Packet Storm
- All about Linux
- All about Linux
- AlterNet.org
- AlterNet.org
- Astalavista.net – Directory
- Astalavista.net – Exploits
- cmw.me blogs
- Confessions of a Penetration Tester
- Darknet – The Darkside
- Darknet – The Darkside
- Debian GNU/Linux System Administration Resources
- Debian GNU/Linux System Administration Resources
- DesktopLinux.com
- DesktopLinux.com
- Exploit Files ≈ Packet Storm
- Exploit Files ≈ Packet Storm
- F-Secure Antivirus Research Weblog
- F-Secure Antivirus Research Weblog
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Got Root Articles
- Got Root Articles
- Got Root Blogs
- Got Root Blogs
- Got Root Library and Wiki
- Got Root Library and Wiki
- Hack a Day
- Hack a Day
- HowtoForge – Linux Howtos and Tutorials –
- HowtoForge – Linux Howtos and Tutorials –
- izik
- izik
- Joomla! powered Site
- kaos.theory: fractal blog
- kaos.theory: fractal blog
- Latest Secunia Advisories
- Librenix.com | Linux Sysadmin Central
- Librenix.com | Linux Sysadmin Central
- Linux Gazette
- Linux Gazette
- Linux Journal – The Original Magazine of the Linux Community
- Linux Journal – The Original Magazine of the Linux Community
- Linux.com :: Feature
- Linux.com :: Feature
- LXer Linux News
- LXer Linux News
- milw0rm.com
- milw0rm.com
- News ≈ Packet Storm
- News ≈ Packet Storm
- nixCraft Linux Sys Admin Blog
- nixCraft Linux Sys Admin Blog
- Open Source Networking
- Open Source Networking
- Own-the.net – Web application security and SEO
- RootPrompt — Nothing but Unix
- RootPrompt — Nothing but Unix
- Rootsecure.net
- Rootsecure.net
- SecuriTeam
- SecuriTeam
- Security Tool Files ≈ Packet Storm
- Security Tool Files ≈ Packet Storm
- SecurityDocs
- SecurityDOT Articles
- SecurityDOT Articles
- SecurityDOT Exploits
- SecurityDOT Exploits
- SecurityDot News
- SecurityDot News
- SecurityDot Vulnerabilities
- SecurityDot Vulnerabilities
- SecurityFocus News
- SecurityFocus News
- SecurityFocus Vulnerabilities
- SecurityFocus Vulnerabilities
- SpiderLabs Anterior
- SpiderLabs Anterior
- Spyware Warrior
- Spyware Warrior
- TaoSecurity
- TaoSecurity
- TechCrunch
- The Ethical Hacker Network RSS News Feed
- The Ethical Hacker Network RSS News Feed
- The most recent articles from vnunet.com
- The most recent articles from vnunet.com
- US-CERT Bulletins
- US-CERT Bulletins
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Tips
- US-CERT Tips
- VulnWatch
- VulnWatch
- XSSed syndication
- XSSed syndication
- XSSed syndication
- XSSed syndication