Security

Neighbor indicted in MySpace suicide case

Fri, 16 May 2008 05:02:13 -0400

Neighbor indicted in MySpace suicide case:

“They exploited a young girl’s weaknesses”

After Missouri prosecutors said they couldn’t find grounds for charges in the case of a 13-year-old who killed herself after being bullied online, there…

'Hacker shuts down government computers'

Fri, 16 May 2008 00:48:29 -0400

'Hacker shuts down government computers':

“We believe it may have occurred”

Royal Darwin Hospital … a hacker allegedly took down servers for hospitals, a prison and a supreme court / Amy Brabin AN EXPERT hacker allegedly shut down the…

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

Thu, 15 May 2008 19:31:34 -0400

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability:

“As all ISO, UTF-8 and related charsets were 7-bit clean, it’s clear that Microsoft err’ed on the side of accepting UTF-7 charset for automatic detection in violation of RFC 2616.”

Hello, Please…

ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability

Thu, 15 May 2008 18:46:47 -0400

ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability: ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability May 15, 2008 — Affected Vendors: Symantec — Affected Products: Symantec Altiris Deployment Solution —…

ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability

Thu, 15 May 2008 18:46:47 -0400

ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability: ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability May 15, 2008 — Affected Vendors: Symantec — Affected Products: Symantec Altiris Deployment Solution — TippingPoint(TM)…

SunShop Version 3.5.1 Remote Blind Sql Injection

Thu, 15 May 2008 15:29:56 -0400

SunShop Version 3.5.1 Remote Blind Sql Injection: #!/usr/bin/perl -w use LWP::UserAgent; # scripts : SunShop Version 3.5.1 Remote Blind Sql Injection # scripts site : # Discovered # By : irvian # site : # email : irvian.infoatgmail.com print…

Legal victory against spammers as MySpace wins record payout of USD 234 million, Sophos reports

Thu, 15 May 2008 15:09:58 -0400

Legal victory against spammers as MySpace wins record payout of USD 234 million, Sophos reports:

“In the war against spam it is right that large companies should have a heavy stick like this to hit the spammers with”

IT security and control firm Sophos has applauded a legal judgment that has…

RE: Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities (UNCLASSIFIED)

Thu, 15 May 2008 13:23:36 -0400

RE: Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities (UNCLASSIFIED): Classification: UNCLASSIFIED Caveats: NONE Please advise Theresa Original Message From: nobodyatcisco.com] On Behalf Of Cisco Systems Product Security Incident Response Team Sent: Wednesday, May 14,…

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

Thu, 15 May 2008 13:23:36 -0400

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability: Setting the HTTP response header: Content-Type: text/html; charset=iso-8859-1 or adding the tag: or even both - still does not deter IE from scanning the contents and interpreting them as UTF-7 when…

EBay seller pleads guilty to software piracy charges

Thu, 15 May 2008 13:02:57 -0400

EBay seller pleads guilty to software piracy charges: A 23-year-old Oregon man has pleaded guilty to charges that he used identity theft to set up bogus accounts on eBay, where he sold counterfeit software with a retail value of more than $1 million,…

EU raises privacy issue for Google Street View

Thu, 15 May 2008 13:02:57 -0400

EU raises privacy issue for Google Street View: Europe’s data protection supervisor, Peter Hustinx, urged Google Thursday to respect local privacy rules as it prepares to launch its Street View function this side of the Atlantic.

Verizon snares $678 million federal network contract

Thu, 15 May 2008 13:02:57 -0400

Verizon snares $678 million federal network contract: Verizon Business has captured one of the largest federal network deals of 2008: a 10-year contract to provide managed network and security services to the U.S. Department of Homeland Security that is…

Non-tech criminals can now rent-a-botnet

Thu, 15 May 2008 13:02:57 -0400

Non-tech criminals can now rent-a-botnet: Online fraudsters that aren’t highly skilled in the arts of cybercrime can now rent a service that offers an all-in-one hosting server with a built-in Zeus Trojan administration panel and infecting…

Kostenloses Linkmanagementscript SQL Injection Vulnerabilities

Thu, 15 May 2008 12:20:08 -0400

Kostenloses Linkmanagementscript SQL Injection Vulnerabilities: # # # …::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::… # Virangar Security Team www.virangar.net Discoverd By :virangar security team(hadihadi) special tnx…

Debian generated SSH-Keys working exploit

Thu, 15 May 2008 12:20:07 -0400

Debian generated SSH-Keys working exploit: Hi Securityfocus, the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. …

Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)

Thu, 15 May 2008 12:20:06 -0400

Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408): Aruba Networks Security Advisory Title: Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities Aruba Advisory ID: AID-051408 Revision: 1.0 For Public Release on…

Phishing botnet expands by hacking legit sites

Thu, 15 May 2008 10:56:28 -0400

Phishing botnet expands by hacking legit sites:

“The tool does not spread on its own but relies on the Asprox botnet to propagate to new hosts”

A botnet is now using a SQL-injection attack tool designed to hack legitimate Web sites, a move…

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

Thu, 15 May 2008 10:12:31 -0400

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability: Hello, Please try to understand what we did here. You might be right in here: “As all ISO, UTF-8 and related charsets were 7-bit clean, it’s clear that Microsoft err’ed on the side of accepting UTF-7…

Colonel suggests using hackers' tool against them

Thu, 15 May 2008 06:43:12 -0400

Colonel suggests using hackers' tool against them:

“To me it’s a silly solution to a problem that has much simpler solutions”

By JORDAN ROBERTSON Thursday, May 15, 2008 Hackers often harness the combined power of thousands of virus-infected…

Hacker writes rootkit for Cisco's routers

Thu, 15 May 2008 02:30:22 -0400

Hacker writes rootkit for Cisco's routers:

“We’re still in the process of putting the whole presentation together, and we also need to work with Cisco before we talk to anybody”

A security researcher has developed malicious rootkit…