Archive for February, 2008
Posted in February 29th, 2008
February 12th 2008 is Safer Internet Day in many European countries. You can find details from Insafe at saferinternet.org.
There is a listing of scheduled events for each country and the SID Competition winners will be announced online.
In Finland, there will be events held in downtown Helsinki as well as online.
On 11/02/08 At 03:12 PM
continue reading.....
Posted in February 29th, 2008
Chrooting Apache2 With mod_chroot On Debian Etch
This guide explains how to set up mod_chroot
with Apache2 on a Debian Etch system. With mod_chroot, you can run
Apache2 in a secure chroot environment and make your server less
vulnerable to break-in attempts that try to exploit vulnerabilities in
Apache2 or your installed web applications.
Read more…
continue reading.....
Posted in February 29th, 2008
rPath has issued an update for espgs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user’s system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
A vulnerability has been reported in NetBSD, which potentially can be exploited by malicious people to compromise a vulnerable system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
SUSE has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user’s system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
(Posted 25 Feb 2008 by Ray)
continue reading.....
Posted in February 29th, 2008
(Posted 25 Feb 2008 by Ray)
continue reading.....
Posted in February 29th, 2008
(Posted 25 Feb 2008 by Ray)
continue reading.....
Posted in February 29th, 2008
(Posted 25 Feb 2008 by Ray)
continue reading.....
Posted in February 29th, 2008
(Posted 26 Feb 2008 by BlueVoodoo)
continue reading.....
Posted in February 29th, 2008
B0B has discovered a vulnerability in ICQ, which can be exploited by malicious people to compromise another user’s system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Iron has discovered a vulnerability in eazyPortal, which can be exploited by malicious people to conduct SQL injection attacks.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Russ McRee has reported a vulnerability in Interspire Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
William Hicks and Chris Castaldo have discovered some vulnerabilities in AuthentiX, which can be exploited by malicious people to conduct cross-site scripting attacks.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Red Hat has issued an update for netpbm. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Red Hat has issued an update for gd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Mandriva has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Let’s have a closer look at a typical rock phish.
Here’s the mail, sent yesterday.
The link points to paypal-user-confirm.com/acc/login.php. The domain was registered a week ago with bogus whois data and (we guess) a stolen credit card.
Here’s what the site looks like:
Let’s see where this is hosted.
This IP address is physically in Israel. Let’s see what the front page looks like.
Ah. “209.1 Host Locked”.
This. is. Rock. phish.
While we wait for the abuse messages to go through, lets have a quick look at what kind of host names in addition of paypal-user-confirm.com have been pointing to this same IP address.
Turns out that’s quite a list, here’s a sampling:
paypal-secure-login.comcitibank.com.defelopour1.escitibank.com.defelopour3.escitibank.com.defelopour4.escitibank.com.defelopour61.escitibank.com.fgh45.hkcitibank.com.fgh67.hkcitibank.com.had.stcitibank.com.host56.hkcitibank.com.losao0.escitibank.com.losao1.escitibank.com.losao2.escitibank.com.platoniv5.escitibank.com.platoniv7.escitibank.com.platoniv8.escitibank.com.radio78.netcitibank.com.raduo4.escitibank.com.readyonline.escitibank.com.torbirt1.escitibank.com.torbirt4.escitibank.com.torbirt7.escitibank.com.trek.stbibform.hsbc.com.defelopour1.esbibform.hsbc.com.defelopour3.esbibform.hsbc.com.defelopour4.esbibform.hsbc.com.fgh67.hkbibform.hsbc.com.had.stbibform.hsbc.com.host56.hkbibform.hsbc.com.losao.hkbibform.hsbc.com.losao0.esbibform.hsbc.com.losao1.esbibform.hsbc.com.losao3.esbibform.hsbc.com.platoniv7.esbibform.hsbc.com.platoniv9.esbibform.hsbc.com.readyonline.esbibform.hsbc.com.torbirt1.esbibform.hsbc.com.torbirt4.esbibform.hsbc.com.torbirt9.esbibform.hsbc.com.trek.stbibform.hsbc.com.xn--hjk78-qo7mo3n.hkcitibusiness.citibank.com.dastin1.escitibusiness.citibank.com.dastin1.nom.escitibusiness.citibank.com.dastin1.org.escitibusiness.citibank.com.defelopour1.escitibusiness.citibank.com.defelopour2.escitibusiness.citibank.com.fast5.net.incitibusiness.citibank.com.fast5.org.cncitibusiness.citibank.com.fast5.org.incitibusiness.citibank.com.fgh45.hkcitibusiness.citibank.com.host56.hkcitibusiness.citibank.com.losao.hkcitibusiness.citibank.com.losao0.escitibusiness.citibank.com.losao1.escitibusiness.citibank.com.losao2.escitibusiness.citibank.com.platoniv7.escitibusiness.citibank.com.platoniv8.escitibusiness.citibank.com.platoniv9.escitibusiness.citibank.com.readyonline.escitibusiness.citibank.com.realo7.firm.incitibusiness.citibank.com.torbirt1.escitibusiness.citibank.com.torbirt4.escitibusiness.citibank.com.torbirt9.escitibusiness.citibank.com.trek.stcitibusinessonline.citibank.com.defelopour2.escitibusinessonline.citibank.com.defelopour5.escitibusinessonline.citibank.com.defelopour61.escitibusinessonline.citibank.com.fgh45.hkcitibusinessonline.citibank.com.fgh67.hkcitibusinessonline.citibank.com.had.stcitibusinessonline.citibank.com.host56.hkcitibusinessonline.citibank.com.losao.hkcitibusinessonline.citibank.com.losao2.escitibusinessonline.citibank.com.losao5.escitibusinessonline.citibank.com.platoniv1.escitibusinessonline.citibank.com.platoniv3.escitibusinessonline.citibank.com.platoniv4.escitibusinessonline.citibank.com.platoniv6.escitibusinessonline.citibank.com.platoniv7.escitibusinessonline.citibank.com.radio78.netcitibusinessonline.citibank.com.raduo4.escitibusinessonline.citibank.com.torbirt1.escitibusinessonline.citibank.com.torbirt4.escitibusinessonline.citibank.com.torbirt7.escitibusinessonline.citibank.com.torbirt8.escitibusinessonline.citibank.com.trek.stcitibusinessonline.citibank.com.xn--hjk78-qo7mo3n.hkcitibusinessonline.citibank.com.xn--ursa12-110l.hkcitibusinessonline.da-us.citi.com.defelopour1.escitibusinessonline.da-us.citi.com.defelopour2.escitibusinessonline.da-us.citi.com.defelopour5.escitibusinessonline.da-us.citi.com.fgh45.hkcitibusinessonline.da-us.citi.com.fgh67.hkcitibusinessonline.da-us.citi.com.had.stcitibusinessonline.da-us.citi.com.losao1.escitibusinessonline.da-us.citi.com.losao3.escitibusinessonline.da-us.citi.com.platoniv8.escitibusinessonline.da-us.citi.com.platoniv9.escitibusinessonline.da-us.citi.com.radio5.escitibusinessonline.da-us.citi.com.radio78.netcitibusinessonline.da-us.citi.com.raduo4.escitibusinessonline.da-us.citi.com.readyonline.escitibusinessonline.da-us.citi.com.torbirt1.escitibusinessonline.da-us.citi.com.torbirt4.escitibusinessonline.da-us.citi.com.trek.stcitibusinessonline.da-us.citi.com.xn--ursa12-110l.hkcitibusinessonline.da-us.citibank.com.defelopour2.escitibusinessonline.da-us.citibank.com.defelopour61.escitibusinessonline.da-us.citibank.com.had.stcitibusinessonline.da-us.citibank.com.host56.hkcitibusinessonline.da-us.citibank.com.losao1.escitibusinessonline.da-us.citibank.com.losao2.escitibusinessonline.da-us.citibank.com.platoniv9.escitibusinessonline.da-us.citibank.com.radio5.escitibusinessonline.da-us.citibank.com.raduo4.escitibusinessonline.da-us.citibank.com.readyonline.escitibusinessonline.da-us.citibank.com.torbirt1.escitibusinessonline.da-us.citibank.com.torbirt4.escitibusinessonline.da-us.citibank.com.torbirt9.escitibusinessonline.da-us.citibank.com.xn--ursa12-110l.hkdirect-certs.bankofamerica.com.losao8.esdirect-certs.bankofamerica.com.platoniv9.esnatwest.co.uk.dastin1.esnatwest.co.uk.dastin1.nom.esnatwest.co.uk.dastin1.org.esnatwest.co.uk.defelopour1.esnatwest.co.uk.defelopour2.esnatwest.co.uk.defelopour3.esnatwest.co.uk.defelopour4.esnatwest.co.uk.defelopour5.esnatwest.co.uk.defelopour61.esnatwest.co.uk.fast5.co.innatwest.co.uk.fast5.firm.innatwest.co.uk.fast5.gen.innatwest.co.uk.fast5.ind.innatwest.co.uk.fast5.net.innatwest.co.uk.fast5.org.cnnatwest.co.uk.fast5.org.innatwest.co.uk.fgh45.hknatwest.co.uk.fgh67.hknatwest.co.uk.host56.hknatwest.co.uk.losao.hknatwest.co.uk.losao1.esnatwest.co.uk.losao2.esnatwest.co.uk.losao3.esnatwest.co.uk.platoniv8.esnatwest.co.uk.platoniv9.esnatwest.co.uk.radio78.netnatwest.co.uk.readyonline.esnatwest.co.uk.realo7.firm.innatwest.co.uk.torbirt1.esnatwest.co.uk.torbirt4.esnatwest.co.uk.trek.stnatwest.co.uk.xn--ursa12-110l.hknatwest.com.dastin1.esnatwest.com.dastin1.nom.esnatwest.com.dastin1.org.esnatwest.com.defelopour1.esnatwest.com.defelopour2.esnatwest.com.defelopour3.esnatwest.com.defelopour4.esnatwest.com.defelopour5.esnatwest.com.defelopour61.esnatwest.com.fast5.co.innatwest.com.fast5.firm.innatwest.com.fast5.gen.innatwest.com.fast5.net.innatwest.com.fast5.org.cnnatwest.com.fast5.org.innatwest.com.fgh45.hknatwest.com.had.stnatwest.com.host56.hknatwest.com.losao.hknatwest.com.losao0.esnatwest.com.losao1.esnatwest.com.losao2.esnatwest.com.platoniv7.esnatwest.com.platoniv8.esnatwest.com.raduo4.esnatwest.com.readyonline.esnatwest.com.torbirt1.esnatwest.com.torbirt4.esnatwest.com.xn--hjk78-qo7mo3n.hknatwest.com.xn--ursa12-110l.hkonline.natwest.co.uk.dastin1.esonline.natwest.co.uk.dastin1.nom.esonline.natwest.co.uk.dastin1.org.esonline.natwest.co.uk.fast5.net.inonline.natwest.co.uk.fast5.org.cnonline.natwest.co.uk.fast5.org.inonline.natwest.co.uk.fgh45.hkonline.natwest.co.uk.had.stonline.natwest.co.uk.host56.hkonline.natwest.co.uk.losao.hkonline.natwest.co.uk.losao2.esonline.natwest.co.uk.losao3.esonline.natwest.co.uk.losao5.esonline.natwest.co.uk.platoniv8.esonline.natwest.co.uk.platoniv9.esonline.natwest.co.uk.radio78.netonline.natwest.co.uk.readyonline.esonline.natwest.co.uk.realo7.firm.inonline.natwest.co.uk.torbirt5.esonline.natwest.co.uk.torbirt6.esonline.natwest.co.uk.torbirt7.esonline.natwest.co.uk.torbirt8.esonline.natwest.co.uk.torbirt9.esonline.natwest.co.uk.xn--hjk78-qo7mo3n.hkonline.natwest.co.uk.xn--ursa12-110l.hkonline.natwest.com.dastin1.org.esonline.natwest.com.defelopour1.esonline.natwest.com.defelopour5.esonline.natwest.com.defelopour61.esonline.natwest.com.fast5.co.inonline.natwest.com.fast5.firm.inonline.natwest.com.fast5.gen.inonline.natwest.com.fast5.ind.inonline.natwest.com.fast5.net.inonline.natwest.com.fast5.org.cnonline.natwest.com.fast5.org.inonline.natwest.com.fgh45.hkonline.natwest.com.host56.hkonline.natwest.com.losao.hkonline.natwest.com.losao0.esonline.natwest.com.losao1.esonline.natwest.com.losao2.esonline.natwest.com.platoniv8.esonline.natwest.com.platoniv9.esonline.natwest.com.radio5.esonline.natwest.com.radio78.netonline.natwest.com.readyonline.esonline.natwest.com.realo7.firm.inonline.natwest.com.torbirt1.esonline.natwest.com.torbirt4.esonline.natwest.com.trek.stonline.natwest.com.xn--ursa12-110l.hkuk.natwest.com.dastin1.nom.esuk.natwest.com.dastin1.org.esuk.natwest.com.defelopour1.esuk.natwest.com.defelopour2.esuk.natwest.com.fast5.co.inuk.natwest.com.fast5.firm.inuk.natwest.com.fast5.org.cnuk.natwest.com.fgh45.hkuk.natwest.com.had.stuk.natwest.com.host56.hkuk.natwest.com.losao.hkuk.natwest.com.losao0.esuk.natwest.com.losao1.esuk.natwest.com.platoniv9.esuk.natwest.com.radio78.netuk.natwest.com.realo7.firm.inuk.natwest.com.torbirt1.esuk.natwest.com.torbirt4.esuk.natwest.com.torbirt9.esuk.natwest.com.trek.stuk.natwest.com.xn--hjk78-qo7mo3n.hkuk.natwest.com.xn--ursa12-110l.hkwww.53.com.dastin1.eswww.53.com.dastin1.nom.eswww.53.com.dastin1.org.eswww.53.com.defelopour1.eswww.53.com.defelopour2.eswww.53.com.fast5.co.inwww.53.com.fast5.firm.inwww.53.com.fast5.gen.inwww.53.com.fast5.ind.inwww.53.com.fast5.net.inwww.53.com.losao8.eswww.53.com.losao9.eswww.53.com.platoniv1.eswww.53.com.platoniv2.eswww.53.com.platoniv3.eswww.53.com.readyonline.eswww.53.com.realo7.firm.inwww.53.com.torbirt4.eswww.53.com.xn--ursa12-110l.hk...
Yes, it goes on. Oh well.
On 29/02/08 At 10:47 AM
continue reading.....
Posted in February 29th, 2008
A security issue has been reported in NetBSD, which can potentially be exploited by malicious people to bypass certain security restrictions.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
A vulnerability has been reported in Koobi, which can be exploited by malicious people to bypass certain security restrictions.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Fedora has issued an update for turba. This fixes a security issue and a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and manipulate data.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
rPath has issued an update for pcre. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Luigi Auriemma has reported a vulnerability in Netwin SmsGate, which can be exploited by malicious people to cause a DoS (Denial of Service).
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Fedora has issued an update for xen. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
rPath has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially to compromise a user’s system.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Daniel Roethlisberger has reported a vulnerability in Urulu, which can be exploited by malicious people to conduct SQL injection attacks.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Steve Kemp has reported two security issues in XWine, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
Posted in February 29th, 2008
IBM has acknowledged some vulnerabilities in AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview – The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
continue reading.....
