NEWS FEEDS CONSOLE (v2)

BBC News Technology
Milo comes out to play at TED
China web filter hit by problems
Highs and lows
dot.Rory
Tech brief
Morpurgo welcomes book technology
Airships to protect British troops
Microsoft to launch Windows slate
Outlook gets Facebook integration
Privacy fears over gay teen site
Tech Brief
Unmanned combat plane is unveiled
dot.Rory
Google debuts Android code tools
Facebook agrees to 'panic button'
Wired Magazine
Work 2.0: A Web-Connected Sticky Note That Bosses You Around
Inside the ‘DarkMarket’ Prototype, a Silk Road the FBI Can Never Seize
Space Radiation Remains Major Hazard for Humans Going to Mars
Science Graphic of the Week: 19th Century Shipwreck Found Near the Golden Gate Bridge
Hearthstone: An Epic New Card Game From the Creators of Warcraft
Angry Nerd: Why Exactly Is Parkour Not a Film Genre Yet?
New World Trade Center Can Put on an App-Controlled Light Show
What Would Don Draper Make With a 3-D Printer?
Intimate Photos Reveal the Day-to-Day Lives of Stormtroopers
Watch an Incredibly Complex Lego Machine Make Electronic Tunes
Google, Facebook, and Microsoft Team Up to Stop Another Heartbleed
Leica Celebrates 100 Years With a Gorgeously Minimalist Shooter
Build Your Own Mini Mars Rover With These Brilliant, NASA-Approved Blocks
The World’s First Bitcoin Debit Card Is Almost Here
Remote Control for Your Credit Card Protects You From Theft
Net-Security Vulnerabilities
Symantec Endpoint Protection Manager Remote Command Execution Exploit
Adobe Flash Player 12.0.0.44 Memory Corruption Vulnerability
Linksys Multiple Routers tmUnblock.cgi Input Validation Error Vulnerability
Internet Explorer CMarkup use-after-free vulnerability
Apache Tomcat Manager Application Upload Authenticated Code Execution
Microsoft Internet Explorer 8 CTreeNode Use-after-Free Memory Corruption Vulnerability
Apache Struts OGNL Expression TextParseUtil.translateVariables Code Execution Vulnerability
Apache Struts Wildcard Matching Code Execution Vulnerability
Oracle Fusion Middleware Reports Developer Unspecified Data Compromise Vulnerability
Adobe Flash Player Unspecified Code Execution Vulnerability (APSB14-04)
RealNetworks RealPlayer RMP File Heap-Based Buffer Overflow Vulnerability
HP Data Protector Remote Code Execution Vulnerability
PHP CGI Query String Parameter Processing Remote Code Execution Vulnerability
Red Hat CloudForms Management Engine Path Traversal
Adobe Reader and Acrobat "ToolButton" Use-after-Free Vulnerability
eWeek Security
Microsoft Patches Internet Explorer Zero-Day Flaw in Security Update
Software Code Sandboxes a Bright Spot as Security Flaws Trend Higher
Android Phone Hacked by Researchers Via NFC
Microsoft Releases Fix It Tool to Fight IE Zero-Day Flaw
Microsoft Urges Users to Patch Internet Explorer Flaw
TDSS Malware Infecting Fortune 500 Includes Evasion Tactic
Flamer Malware Spied on Middle East for More Than Five Years
Google Adding 'Do No Track' Into Chrome's Latest Developer Build
PCI Security Standards Council Issues Guidance for Mobile Payment Industry
Security Infrastructure Market to Top $86 Billion in 2016: Gartner
Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'
Cisco Beefs Up IPS, Firewalls to Better Protect Data Centers
Microsoft Issues XSS Patches, but Security Researchers Focus on Oct. Update
GoDaddy Goes Down in Major Web Outage
BYOD: 10 Tips Enterprises Can Use to Protect Their Data
Computer Crime Research Center
Internet group ‘Anonymous’ threatens cyberattack on APD
Head of FBI’s Milwaukee office targets cyber crime
A Cyber History Of The Ukraine Conflict
CIT seminar to put cybercrime in spotlight
How the cybercrime industry fueled Target breach: McAfee
Cyber Squared says the solution to cyber crime lies in firms sharing information
Groups face the conundrum of cyber crime
Computer users warned about upsurge in cyber crime
Russia hacked hundreds of Western, Asian companies: security firm
Cybercrime shopping list study points to falling prices
Ukrainian Head of Cybercrime Marketplace Gets 18 Years in Prison
Cross-Platform Malware: A Growing Threat For Computers
Defense: Federal agent pursued easy target in cybercrime case
Cybercrime Unit being upgraded, strengthened, says commissioner
Need to tighten treaties with US in cyber crime cases: HS
The Register
All men are part of a PURE GENETIC ELITE, says geno-science bloke
Minecraft players can now download Denmark – all of it – in 1:1 scale
Vladimir Putin says internet is a 'CIA project'
Microsoft beats cloud drum as revenues remain solid but flat
Apple, Google, Intel, Adobe, settle employee-fiddling class action suit
Lost artworks by Andy Warhol found on 80s-era FLOPPY DISKS
Dell, Cisco, Microsoft, Google and friends shower OpenSSL in $$$s to make it all better
Juniper Networks UK bigwig hotfoots it to Alternative Networks
Bankrupt Bitcoin bunker blender begins: MtGox admin starts liquefaction
Facebook: Need help click-farming? Check out our NEWSWIRE
FCC insists proposed internet rules won't 'gut' net neutrality
Apple patent pokes at holographic iPhone screen
So long, 'invincible dreamers': Google+ daddy Gundotra resigns
Amazon earnings narrowly beat bean counter expectations
Computacenter's UK biz up by a fifth. XPocalypse bounce? Well, sort of...
Net-Security News
NEW URL FOR HNS RSS FEED: http://feeds.feedburner.com/HelpNetSecurity
Off the wire: Microsoft seeks patent for office 'spy' software
Security World: Wireless security lacking at a large convention
Off the wire: Setup and benchmark encrypted partitions in Ubuntu
Security World: Information Security Forum: It is time to take information classification seriously
Security World: USB encryption product news #1: KeyPoint Solo Vault
Security World: USB encryption product news #2: SafeHouse 3.0
Security World: 5 VoIP threat predictions for 2008
Off the wire: Annvix: A stable, secure, no-frills server distro
Net-Security Advisories
CentOS Errata and Security Advisory - Moderate CentOS 6 libvirt Update (CESA-2014:0103)
SUSE Security Update - puppet (SUSE-SU-2014:0155-1)
Slackware Security Advisory - mozilla-nss (SSA:2014-028-02)
Slackware Security Advisory - bind (SSA:2014-028-01)
Gentoo Linux Security Advisory - Perl Digest-Base module: Arbitrary code execution (GLSA 201401-33)
Gentoo Linux Security Advisory - Exim: Multiple vulnerabilities (GLSA 201401-32)
Ubuntu Security Notice - munin vulnerabilities (USN-2090-1)
CentOS Errata and Security Advisory - Important CentOS 6 java-1.6.0-openjdk Update (CESA-2014:0097)
CentOS Errata and Security Advisory - Important CentOS 5 java-1.6.0-openjdk Update (CESA-2014:0097)
Gentoo Linux Security Advisory - CEDET: Privilege escalation (GLSA 201401-31)
Gentoo Linux Security Advisory - GNU TeXmacs: Privilege escalation (GLSA 201401-27)
Gentoo Linux Security Advisory - Tomboy: Privilege escalation (GLSA 201401-28)
Gentoo Linux Security Advisory - VIPS: Privilege Escalation (GLSA 201401-29)
Gentoo Linux Security Advisory - Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201401-30)
Mandriva Linux Security Update Advisory - perl-Proc-Daemon (MDVSA-2014:021)
Linux Exposed
Cron Explained
Analyzing Malicious SSH Login Attempts
Enhance Security with Port Knocking
Preventing Accidental Denial of Service
Torrents and SSH Tunnels
Illegal SEO techniques
Cracking WPA and WPA2 passwords
Windows Hacking and Windows Security Site
Inspecting HTTP
Hosted Exchange and Hosted Sharepoint
Using IPC -- pipes
Formatstrings and OpenBSD
Analyzing Malicious SSH Login Attempts
Enhance Security with Port Knocking
Preventing Accidental Denial of Service
Info World Security
Fake security software scammers jump on Conficker
China denies cyberespionage charges
Gartner: IT spending drop-off worse than after dot-com bust
Conficker activation passes quietly, but threat isn't over
Forrester now says '09 U.S. IT spend to drop 3.1 percent
Conficker may be more widespread than previously thought
Bill would give feds role in private sector cybersecurity
IBM continues push for Sun, but will the deal kill Solaris?
Hackers seize on 0-day flaw in Microsoft's PowerPoint
IBM sees Conficker hitting 4 percent of PCs
Fake security software scammers jump on Conficker
China denies cyberespionage charges
Gartner: IT spending drop-off worse than after dot-com bust
Conficker activation passes quietly, but threat isn't over
Forrester now says '09 U.S. IT spend to drop 3.1 percent
Hack In The Box
Latest hack on PBS news site is the best hack ever
Hackers breached US defense contractors
Hidden URLs in phone and tablet browsers
Microsoft downplays IE 'cookiejacking' bug
Beware of vengeful IT personnel
Honda security breach exposes 283,000 customers
Aussie banks cancel 10,000 credit cards
What Your Wireless Carrier Knows About You
Lloyds TSB suffers internet banking problems
Bulging tweet: lewd photo leaves politician red-faced
Skype partner update leads to worm fears
#HITBSecNews - The Revolution Begins 1st June 2011
Skype Suffers Outage: What You Need to Know
Playstation Network Down Still as Sony Rolls Out New Identity Theft Protection M
French "three strikes" anti-piracy software riddled with flaws
CERT
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
Computer World Security
Dot-org domains can now be protected by DNSSEC
iPhones, iPads in the enterprise: 5 security views
Fiberlink aims to cut costs with cloud patch management
Apple leaves iPad vulnerable after monster iPhone patch job
Trustwave buys application firewall maker
The 4 tiers of a secure B2B framework
World Cup: Guard labor strike was a game-changer
Why security needs to catch up to Web 2.0
Most firms face security 'red alert' as XP SP2's retirement looms
Wireless security myths 2010
Avenda offers full-featured network access control
Alcatel-Lucent/InfoExpress combo needs better integration
Ultimate guide to network access control products
Network access control vendors pass endpoint security testing
The Grill: Patricia Titus
FireEye Lab
YAJ0: Yet Another Java Zero-Day
It's a Kind of Magic
The Number of the Beast
In Turn, It's PDF Time
LadyBoyle comes to town with a new exploit
YAJ0: Yet Another Java Zero-Day
It's a Kind of Magic
The Number of the Beast
In Turn, It's PDF Time.
LadyBoyle comes to town with a new exploit
An Encounter with Trojan Nap
Operation BEEBUS
Hackers Targeting Taiwanese Technology Firm
Happy New Year from New Java Zero-Day
CFR Watering Hole Attack Details
Linux Security
sec-wall: Open Source Security Proxy
Securing a Linux Web Server
Password guessing with Medusa 2.0
Peter Smith Releases Linux Network Security Online
Password guessing as an attack vector
Squid and Basic Authentication
Squid and Digest Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
Using the sec-wall Security Proxy
sec-wall: Open Source Security Proxy
Book Review: Linux Kernel Programming
Securing a Linux Web Server
What You Need to Know About Linux Rootkits
Password guessing with Medusa 2.0
NetSec Blog
FBI launches cybersecurity project - from Keith
Wonderful bedtime stories - The Metasploit (wiki) ...
Pretty good ideas:The 10 Commandments for New Lin...
"Safe Bedside Table"
Speaking of Bad Guys
Nothing new here - Monster.com hacked, 1.6 million...
Storm Worm Strikes Back
Delete This! - A series of legal events means that...
U.S. legal time changing to UTC
Source Code Subpoena Request as Legal Defense Tact...
Design flaw in AS3 socket handling allows port pro...
Sprint to offer WiMAX-enabled Nokia N800 in 2008
Helix 1.9a Released
Will security firms detect police spyware?
Fall Classes Start August 23rd ITN260 Network Se...
ZDNet US Security
Microsoft to start phasing out its NNTP newsgroups
Apple vs. Adobe on antitrust: Should regulators dictate what's in an SDK?
Report: DOJ and FTC investigating Apple (Updated)
Apple in antitrust crosshairs? If so, Jobs' Flash rant makes more sense
Jailbreak for iPad and newer iPhone released
Counterfeit check security alert (5/3/2010)
Behind the open codec FUD attack
Avatar Blu-ray DRM bites legitimate customers
Facebook's privacy timeline: Possible backlash or just evolution?
Serious XSS flaw haunts Microsoft SharePoint
How to remove the ICPP Copyright Violation Alert ransomware
Microsoft's new directory-federation services finally ready to roll
iPad owning Windows users targeted by hackers
Google: Fake antivirus makes up 15 percent of all malware
iPad users on Windows targeted with malware
ZDNet UK Security
Mobile M2M connections set to rocket
India to create 8m outsourcing jobs in next decade
Mobile tech gets cautious praise from aid groups
Wi-Fi operator launches automatic sign-on tool
Microsoft platform tops Web 2.0 developer survey
Verizon funds undersea internet cable network
Vodafone lands multinational iPhone deal
India mulls tax-break extension for outsourcers
Microsoft resumes XP SP3, Vista SP1 updates
McAfee strikes Yahoo search deal
Sun previews JavaFX for rich web applications
Microsoft and Yahoo: The next step
Sun shows off JavaFX platform
Auction site QXL going, going, gone
Sun demos JavaFX apps
Politechbot
Politicians push for mandatory data retention laws, bipartisanly
Who'd make the most technology-friendly president? Discuss.
Judge rules defendant can't be forced to divulge PGP passphrase
David Burt and his Filtering Facts Web site are back
ITU botnet paper published in draft form, comments requested
FTC Internet advertising summit in Washington this week
Hamline University student suspended after pro-gun rights email
MIT student picking up friend at airport nearly shot, charged with "infernal machine" crime
Colorado sheriff creates roadblock so private firm can demand DNA blood samples
Paul Levy: Politicians, infomercial kings try to stifle anonymous Internet speech
Federal police will gain access to military spy satellites
Congress at its finest: P2P networks as "national security threat"
Sen. John Kerry wants to outlaw "transmitting" dog fighting images
Whoops! Nevada governor accidentally posts Outlook password
FBI remotely installs spyware to trace bomb threat
Slashdot
Group Wants To Recover 36-Year-Old Historic Spacecraft From Deep Space
Former US Test Site Sues Nuclear Nations For Disarmament Failure
New White House Petition For Net Neutrality
Are Habitable Exoplanets Bad News For Humanity?
Ask Slashdot: Books for a Comp Sci Graduate Student?
Panel Says U.S. Not Ready For Inevitable Arctic Oil Spill
Apple, Google Agree To Settle Lawsuit Alleging Hiring Conspiracy
DC Revolving Door: Ex-FCC Commissioner Is Now Head CTIA Lobbyist
Brazil Approves Internet Bill of Rights
Astronomers Discover Pair of Black Holes In Inactive Galaxy
New Shape Born From Rubber Bands
Consumers Not Impressed With 3D Printing
Verizon and New Jersey Agree 4G Service Equivalent to Broadband Internet
Google Plus Now Minus Chief Vic Gundotra
iPad Fever Is Officially Cooling
Government Computer News
Report: WikiLeaks source exploited security flaw
Out with the old security configurations, in with the new
Stuxnet story is high-profile but still out of reach
7 social media resolutions to keep in the new year
Lump of coal: No Android for your agency
Microsoft rolls out HTML5 Labs test site
Army salutes top 10 battlefield inventions
WikiLeaks app disappears from Apple App Store
To secure agency systems, start at the top
Do commercial electronics threaten military security?
NASA ahead of the curve in real-time IT security
The WikiLeaks lesson? It’s classified.
After the spending bill: What now?
FISMA 'capstone' document ready for public scrutiny
Group aims to help secure the technology supply chain
InfoSec News
Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools
ICANN taps DefCon founder for top security spot
US-Russian dictionary defines cyber war, other concepts
Unfollowed: How a (Possible) Social Network Spy Came Undone
Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !
Phone-hacking laws are 'very uneven and unclear'
PlayStation credit card data was encrypted
Oracle hedging its vulnerability reports?
Are we talking "cyber war" like the Bush admin talked WMDs?
Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College
Cyberespionage: US finds FBI agents in elite unit lack necessary skills
[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)
Police: Wireless network hacker targeted Seattle-area businesses
Is Iran just seeing Stars?
China Implicated In Hacking Of SMB Online Bank Accounts
CNet
The Web out-Picassos itself: Welcome, sticky tape selfies
Microsoft: Here's $100 if you drop Windows XP
Phil Spencer on Xbox One 'always-on' debacle: 'We could have been more clear'
Microsoft revises privacy policy in wake of Hotmail search case
San Francisco Airport uses tech to meet runway safety standards
Runway safety improvements under way at SFO (pictures)
Dolby to put Atmos surround sound on tablets, smartphones
Behind the sounds of Infamous: Second Son
Get your body into VR games
Apple considering a Spotify rival and iTunes Android app
Obama talks spying with Facebook's Zuckerberg, Google's Schmidt
Google speeds WebP image format, brings animation support to Chrome
Automating your 2048 game
Samsung shows business customers how to be high tech
2048 starts easy; gets hard. Here's how to make it easy again
InfoSec Officer
RAWR: Rapid Assessment of Web Resources
Amazing Write-Up on BillGates Botnet - With Monitoring Tools Source!
The Links - Yes They are Broken :(
Cheat Sheet: Master Boot Record
How the Heck Do You Test the Security of IPv6? Here's the Guide!
From The Toolkit: Extending Burp Proxy with Extensions
EyeWitness: Rapid Web Application Triage Tool
OS X/IOS SSL Flaw Proof of Concept Tool
Seven Hours of Video from TrustyCon 2014
Jamming WiFi For Annoyance and No Profit
From the Toolkit: Create Your Own Wordlists From Anything
The World's Worst Penetration Test Report by #ScumbagPenTester
From the Toolkit: HashData
U.S. Department of Defense Information Assurance Scholarship Available
Flaw in Microsoft Office 365 Allows "Perfect Crime"
Rootsecure.net
Cisco Zine: Unicast flooding due to asymmetric routing
Acros Security: Adobe Reader X (10.1.2) msiexec.exe Planting
Marco Ramilli's Blog: CVE-2012-0507
Cisco Zine: Twelve Cisco vulnerabilities
Cisco Zine: Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera buffer overflow
Offensive Security: FreePBX Exploit Phone Home
Cisco Zine: How to perform SSH RSA User Authentication
The Register: Researchers find MYSTERY programming language in Duqu Trojan
arstechnica: Stakeout: how the FBI tracked and busted a Chicago Anon
Marco Ramilli's Blog: Steganography Tools - a non exhaustive survey
arstechnica: Doxed: how Sabu was outed by former Anons long before his arrest
arstechnica: How Anonymous plans to use DNS as a weapon
Marco Ramilli's Blog: An interesting tool for your SwissKnife
Cisco Zine: Cisco Linksys WAG54GS CSRF Change Admin Password
Cisco Zine: How to create self-signed certificates
Security Focus
Infocus: Enterprise Intrusion Analysis, Part One
More rss feeds from SecurityFocus
News: Change in Focus
News: Google: 'no timetable' on China talks
News: Monster botnet held 800,000 people's details
News: MS uses court order to take out Waledac botnet
News: Latvian hacker tweets hard on banking whistle
Brief: Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"
Brief: Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
News: PhotoDNA scans images for child abuse
News: Twitter attacker had proper credentials
News: Conficker data highlights infected networks
Infocus: Responding to a Brute Force SSH Attack
Security Focus BugTraq
Vuln: Oracle Java SE CVE-2014-2420 Remote Security Vulnerability
Vuln: Multiple Oracle Java Products 'unpack.cpp' Insecure Temporary File Creation Vulnerability
Bugtraq: [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
Vuln: CUPS Web Interface Cross Site Scripting Vulnerability
Vuln: Linux Kernel 'tcp_rcv_state_process()' Function Denial of Service Vulnerability
Bugtraq: Birebin.com Android App SSL certificate validation weakness
Bugtraq: Misli.com Android App SSL certificate validation weakness
Bugtraq: [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service
Vuln: Microsoft Internet Explorer CVE-2014-0274 Memory Corruption Vulnerability
Vuln: CA Erwin Web Portal CVE-2014-2210 Multiple Directory Traversal Vulnerabilities
Vuln: Microsoft Internet Explorer CVE-2014-0285 Memory Corruption Vulnerability
Bugtraq: [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
Full Disclosure @Insecure.org
[ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)
Advisory: jruby-sandbox Breakout
Request for help exploiting seunshare
CVE-2014-2383 - Arbitrary file read in dompdf
CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive
CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
Parallels Plesk Panel 12.x & 11.x /etc/psa/private/secret_key leakage
(CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability
CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress
BlackArch Linux / New ISOs released
RAT C2 Domains
phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability
Re: [ANN] Struts 2.3.16.1 GA release available - security fix
SecurityTracker Vulnerabilities
Apache Struts Bug Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
Django Bugs Let Remote Users Execute Arbitrary Code, Modify SQL Queries, and Obtain Potentially Sensitive Information
Attachmate Reflection OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
HP integrated Lights Out (iLO) SSL Library Bug Lets Remote Users Deny Service
Xen GIC Distributor Access Control Flaw Lets Local Users on the Guest Operating System Deny Service on the Host Operating System
Symantec Messaging Gateway Input Validation Flaw in 'displayTab' Parameter Permits Cross-Site Scripting Attacks
AirPort Extreme and AirPort Time Capsule OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
Apple OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Local Users Gain Elevated Privileges
Xen ARM Hardware Access Flaw Lets Local Guest Users Deny Service on the Host System
Apache Archiva Input Validation Flaw Permits Cross-Site Scripting Attacks
Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks
Winamp Buffer Overflow and Pointer Dereference Bugs Let Remote Users Execute Arbitrary Code
VMware Workstation, Fusion, and Player OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
HP Universal Configuration Management Database Unspecified Flaw in Integration Service Lets Remote Authenticated Users Execute Arbitrary Code
HP Universal Configuration Management Database Unspecified Bug Lets Remote Authenticated Users Obtain Potentially Sensitive Information
Dana Epp's Weblog
Is Twittering safe?
Come have Coffee and Code in Vancouver with me and Microsoft tomorrow
Announcing Elevation of Privilege: The Threat Modeling Game
Reflecting on our Windows 7 birthday party
Time to party! Windows 7 is here!
RunAs Radio podcasts you might want to listen to
Coding Tip: Why you should always use well known SIDs over usernames for security groups
Major Windows 7 gotcha you should know about that may block you from upgrading
Microsoft SDL bans mempcy()... next it will be zeros!!!!
Using TS RemoteApp as an attack vector
Is Twittering safe?
Come have Coffee and Code in Vancouver with me and Microsoft tomorrow
Announcing Elevation of Privilege: The Threat Modeling Game
Reflecting on our Windows 7 birthday party
Time to party! Windows 7 is here!
Cryptome
How to Donate
Cryptome
How to Donate
Texting Ban While Driving Commercial Vehicles
Funds for More Cops and Spies on Campus
SWIFT Lawful Spying Guide (337KB)
One Communications Lawful Spying Guide
Integra Telecom Lawful Spying Guide
Go Daddy Lawful Spying Guide
Masterspy Inflates and Churns Trivial Spy Info
National Security Threatened by Insane Waste (5.6MB)
DHS Inflates and Churns Aviation-Surface Sec
Law Enforcement Online Spying Guide (1.8MB)
CIA BBC Long-time Spy Partners (2MB)
Spy Reform Rest in Peace (879KB)
Silicon Security
ID cards: Seven years of missed deadlines and U-turns
Leaked report reveals billions in budget cuts for public sector IT
Photos: When hackers get together to do the world a favour
Why you must rein in your power users
Is losing a mobile device really such a big deal?
Trojan bank fraud gang sentenced
UK ID cards rollout hit by delay as launch date revealed
£500,000 fine coming for businesses that lose data?
Naked CIO: Is IT responsible for workers' output and errors?
Bletchley Park's World War Two codebreakers in their own words
Phishers set their sights on corporate accounts
'You're responsible for your own wi-fi security' say ISPs
'UK must up privacy safeguards following Phorm'
Hackers breach Guardian Jobs site
Video: 60-Second Pitch: End-point security
Netcraft
Certificate revocation: Why browsers remain affected by Heartbleed
Chrome users oblivious to Heartbleed revocation tsunami
Netcraft releases Heartbleed indicator for Chrome, Firefox, and Opera
Revoke! The time is nigh!
Heartbleed certificate revocation tsunami yet to arrive
Thousands of websites still hosted on Windows XP
Half a million widely trusted websites vulnerable to Heartbleed bug
.Aero Air Safety Site Hijacked
Most Reliable Hosting Company Sites in March 2014
April 2014 Web Server Survey
WordPress hosting: Do not try this at home!
EA Games website hacked to steal Apple IDs
Most Reliable Hosting Company Sites in February 2014
March 2014 Web Server Survey
Microsoft neck and neck with Amazon in Windows hosting
Reuters - Tech/Internet
China Communist Party mouthpiece demands 'rectification' of satirical Twitter account
Internet industry seen as winner at global conference in Brazil
Baidu forecasts stronger-than-expected second-quarter revenue
Amazon's revenue increases even as spending rises
Rapid7 hires mobile hacking expert Nick Percoco
FCC pushes back against criticism over Internet traffic plan
Facebook courts journalists with newswire tool
Apple, Google agree to settle lawsuit alleging hiring conspiracy
Amazon posts higher-than-expected revenue, shares rise
AOL raises China presence with Sun Media Group partnership
Comcast's Fandango ticket service buys MovieClips
Big tech companies offer millions to help with Heartbleed crisis
All at sea: global shipping fleet exposed to hacking threat
U.S. regulators to propose new net neutrality rules in May
Brazil's Rousseff praises U.S. for relaxing grip on Internet
InfoSec Writers
TERMPAPER: Smart Phone Hacking
An Analysis of the IDS Penetration Tool: Metasploit
Old School Newbie Guide circa 2000
Analysis of Malicious Software Infections
Malware in Information Security
DoS! Denial of Service
Experimental Review of IPSec Features to Enhance IP Security
Internet Acceptable Use Policies: Drawing the line
Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security
Getting maximum value from Penetration Testing
Cloud Computing – Storm Clouds or is it Smooth Flying?
An Analysis of the IDS Penetration Tool: Metasploit
Old School Newbie Guide circa 2000
Analysis of Malicious Software Infections
Malware in Information Security
OSVD
Oracle FLEXCUBE Universal Banking Core Component Unspecified Remote DoS
Oracle FLEXCUBE Universal Banking Core Component Unspecified Remote Information Disclosure
Oracle Agile PLM for Process Supplier Portal Component Unspecified Remote Issue
Oracle Agile PLM Install Component Unspecified Remote Issue
Oracle Agile PLM Supplier Portal Component Unspecified Remote Issue
Oracle Agile PLM SCRM - Company Profiles Component Unspecified Remote Issue
Oracle AutoVue Office Desktop API Component Unspecified Remote Issue
Oracle iPlanet Web Server Administrator Console Unspecified XSS
Linux Kernel net/ipv6/xfrm6_tunnel.c xfrm6_tunnel_rcv() Function Use-after-free IPv6 Packet Parsing Remote DoS
KVM Memory Leak IOMMU Device Mapping Unpinning Local DoS
RuggedCom Rugged Operating System (ROS) Hardcoded Credentials
Oracle Grid Engine Unspecified Local Privilege Escalation
PolicyKit wheel Group Local Admin Privilege Escalation
Oracle Solaris Kernel/Privileges Component Unspecified Local Privilege Escalation
Oracle Solaris libsasl(3LIB) Component Unspecified Remote Issue
Microsoft Security
MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049)
MS11-058 - Critical: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
MS11-059 - Important: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
MS11-060 - Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
MS11-061 - Important: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
MS11-062 - Important: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-053 - Critical: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
MS11-054 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
CNet Security
Microsoft defends opening Hotmail account of blogger in espionage case
Microsoft sniffed blogger's Hotmail account to trace leak
Symantec fires CEO Steve Bennett
Syria's Internet goes dark for several hours
Microsoft sniffed private Hotmail account to trace trade secret leak
In most-anticipated SXSW talk in years, Edward Snowden fires up Austin
IBM's new services zero in on fraud, financial crime
Despite assault on privacy, Page sees value in online openness
Microsoft touts study showing the cost of pirated software
NSA top lawyer says tech giants knew about data collection
Hackers transform EA Web page into Apple ID phishing scheme
WikiLeaks' Julian Assange: NSA critics got lucky because agency had no PR strategy
F-Secure Weblog
F-Secure and David Hasselhoff
xkcd: Heartbleed Explanation
Lame "SEO" Android Apps Claim To Be Antivirus
Admins: why not review config standards as you fix Heartbleed?
Bliss
DeepGuard 5 vs. Word RTF zero-day CVE-2014-1761
April 8th: Not Just About XP
Coremex Innovates Search Engine Hijacking
Targeted Attacks and Ukraine
Gameover ZeuS Targets Monster
Vero Phishing Sighted
Gameover ZeuS Jumps on the Bitcoin Bandwagon
On NSA Hijacking of IRC Bots
Governments, The Web and Surveillance
How many Beliebers will blindly click on a link?
Schneier on Security
Friday Squid Blogging: Giant Squid Found Off the Coast of Spain
Conspiracy Theories and the NSA
Another Interview
The NSA's Cryptographic Capabilities
The NSA Is Breaking Most Encryption on the Internet
Journal of Homeland Security and Emergency Management
The Effect of Money on Trust
Human/Machine Trust Failures
SHA-3 Status
Business Opportunities in Cloud Security
Syrian Electronic Army Cyberattacks
Our Newfound Fear of Risk
1983 Article on the NSA
Opsec Details of Snowden Meeting with Greenwald and Poitras
Friday Squid Blogging: Bobtail Squid Photo
Kaspersky Lab Weblog
It’s an Easter Spam Eggs-traviganza!
A new version of Sality at large
Malicious Javascript vs. card reader
Moscow bombings lead to Twitter malware 'bombings'
The TJX Hacker Black SEO Campaign
No honor among thieves – even in Germany
It takes only one 'nice' person
Active Koobface C&C servers hit a record high – 200+ and counting
Koobface C&C servers steadily dropping - new spike coming soon?
New Brazilian banking Trojans recycle old URL obfuscation tricks
Lock, stock and two smoking Trojans: bank robbery in the 21st century
Adobe yet again
When too much is not enough too much.
Patch Tuesday
Too many passwords?
Network World Fusion
Geopolitics aside, Huawei still selling to carriers in the US
Security vendor blames Amazon for customer malware
Heartbleed prompts joint vendor effort to boost OpenSSL, security
'Francophoned' cybertheft operation reportedly back in action
Tip of the Hat: Heartbleed prompts chastened tech giants to fund OpenSSL
Russian SMS Trojan for Android hits US, dozens of other countries
Brazil's global Internet conference includes call to end spying
Cloud Attacks Are Following Enterprise Workloads
Privacy jitters derail controversial K-12 big data initiative
Megaupload seeks return of millions in frozen Hong Kong assets
We Heart It turns off Twitter sharing following spam
Verizon breach report makes case for behavioral analytics
Self-taught hackers rule
Healthcare IT Security Brings Challenges, Opportunities, but No Big Surprises
Search and rescue group sues FAA over drone use
SANS
ISC StormCast for Friday, April 25th 2014 http://isc.sans.edu/podcastdetail.html?id=3951, (Thu, Apr 24th)
Apache Struts Zero Day and Mitigation, (Thu, Apr 24th)
Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203, (Thu, Apr 24th)
Fun with Passphrases!, (Thu, Apr 24th)
DHCPv6 and DUID Confusion, (Wed, Apr 23rd)
Be Careful what you Scan for!, (Thu, Apr 24th)
ISC StormCast for Thursday, April 24th 2014 http://isc.sans.edu/podcastdetail.html?id=3949, (Thu, Apr 24th)
Special Edition of OUCH: Heartbleed - Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf, (Wed, Apr 23rd)
ISC StormCast for Wednesday, April 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=3947, (Wed, Apr 23rd)
Apple Patches for OS X, iOS and Apple TV., (Tue, Apr 22nd)
Port 32764 Router Backdoor is Back (or was it ever gone?), (Tue, Apr 22nd)
Allow us to leave!, (Mon, Apr 21st)
ISC StormCast for Tuesday, April 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=3945, (Tue, Apr 22nd)
Finding the bleeders, (Mon, Apr 21st)
OpenSSL Rampage, (Mon, Apr 21st)
2600
NEW 'Off The Hook' ONLINE
NEW 'Off The Wall' ONLINE
NEW HOPE X WEBSITE HIGHLIGHTS DISSENT THEME OF CONFERENCE
SPEAKER SUBMISSIONS FOR HOPE X CLOSING APRIL 30
NEW 'Off The Hook' ONLINE
NEW 'Off The Wall' ONLINE
WINTER ISSUE OF 2600 RELEASED
HOPE X NOW ACCEPTING BITCOINS
HOPE X SPECIAL HOTEL RATES ANNOUNCED
CALL FOR SPEAKERS, WORKSHOPS, ART AT HOPE X
HOPE X TICKET SALES TO BENEFIT ELECTRONIC FRONTIER FOUNDATION
HOPE X COORDINATING MEETINGS FRIDAY
DANIEL ELLSBERG TO KEYNOTE AT HOPE X
SPRING ISSUE OF 2600 RELEASED
NEW 'Off The Wall' ONLINE
CNet Security Blog
Matterport 3D modeled a CNET studio in less than 2 hours
Your very own piece of galactic history (pictures)
Ways to view March Madness
Google Maps sails down the Colorado River (pictures)
The Blue Angels acrobatics are back (pictures)
NBA pros wear Google Glass to give fans a new point of view
The NBA puts you in the game with wearable tech (pictures)
NBA players wear Glass to enhance fan experience
James Bond's deadliest cars, boats, and jetpacks (pictures)
Wearable Technology Show dons fitness trackers, smart shorts (pictures)
Jules Verne-inspired steampunk submarine star of garden show (photos)
Hands-on with Oppo's Quad HD Find 7 phone (pictures)
Tech to enhance March Madness
Developers now have access to Oculus Rift Dev Kit 2 (pictures)
Tech to help decide on a college
SecuriTeam
NProtect Anti-Virus Privilege Escalation Vulnerability
Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure Vulnerability
ZIP With Pass For Android Remote Path Traversal File Overwrite Vulnerability
VMware Multiple Products Invalid Port Handling Local DoS Vulnerability
SyncEvolution /src/syncevo/installcheck-Local.sh Multiple Local Symlink File Overwrite Vulnerability
Red Hat CloudForms Management Engine Destructive Action Request Protect_from_forgery Mechanism Bypass CSRF Vulnerability
Oracle Java JDK / JRE Security Component XML Document Canonicalization Sandbox Bypass Vulnerability
Oracle Java JDK / JRE / JRockit 2D Component Layout Lookup TTF Font Parsing Remote Code Execution Vulnerability
Oracle Java JDK / JRE CORBA Component Stub Factories Permission Handling Information Disclosure Vulnerability
Movable Type Rich Text Editor Multiple Stored XSS Vulnerability
MediaWiki PdfHandler_body.php Remote Shell Command Injection Vulnerability
Linux Kernel /drivers/net/wan/farsync.c Fst_get_iface() Function Local Kernel Memory Disclosure Vulnerability
JustSystems Sanshiro File Parsing Arbitrary Code Execution Vulnerability
HIOX GUEST BOOK /HGB/add.php Multiple Parameter XSS Vulnerability
General Electric (GE) Fanuc Proficy HMI/SCADA IFIX External Media Autorun Environment Protection Bypass Vulnerability
Security Docs
54353
pass
SQL Injection Attack and Defense
Encryption Formula: In the True Light of Science
Writing syslog messages to MySQL
Configuration of IPS to improve Incident Response Time
Foundations of Cryptography
ZDNet - Security
Symantec fires CEO Steve Bennett
Syria's Internet goes dark for several hours
Microsoft defends opening Hotmail account of blogger in espionage case
Microsoft sniffed blogger's Hotmail account to trace leak
IBM's new services zero in on fraud, financial crime
Despite assault on privacy, Page sees value in online openness
NSA top lawyer says tech giants knew about data collection
Hackers transform EA Web page into Apple ID phishing scheme
Microsoft touts study showing the cost of pirated software
How to spy on your lover, the smartphone way
Mt. Gox update lets users see their Bitcoin balances
Fake Malaysia Airlines links spread malware
IBM: No, we did not help NSA spy on customers
Beware this big iOS flaw -- and it's not alone
Twitter CEO heads to China to meet with officials
Security Fix
Farewell 2009, and The Washington Post
Twitter.com hijacked by 'Iranian cyber army'
Hackers exploit Adobe Reader flaw via comic strip syndicate
Group IDs hotbeds of Conficker worm outbreaks
Hackers target unpatched Adobe Reader, Acrobat flaw
Check your Facebook 'privacy' settings now
Paper-based data breaches on the rise
Critical updates for Adobe Flash, Microsoft Windows
Security Fix author named 'cybercrime hero'
La. firm sues Capital One after losing thousands in online bank fraud
Phishers angling for Web site administrators
Apple issues security updates for Mac OS X
Bit.ly to scour shortened links for badness
Nastygram: CDC 'swine flu' vaccine scam
DC businessman loses thousands after clicking on wrong e-mail
eEye Advisories
eEye Retina Wireless Scanner .RWS File Processing Memory Corruption
Multiple Vulnerabilities in CA ARCserve for Laptops and Desktops
BitDefender Online Scanner 8 Double Decode Heap Overflow
Multiple Vulnerabilities In .FLAC File Format and Various Media Applications
CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference
VGX.DLL Compressed Content Heap Overflow Vulnerability
Windows Metafile AttemptWrite Heap Overflow
iDefense Vulnerabilities
Microsoft Windows Kernel Invalid Trap-Frame Management Privilege Escalation Vulnerability
Microsoft OLE CPropertyStorage::ReadMultiple Variant Type Confusion Vulnerability
Microsoft Excel LABELSST Record Memory Corruption Vulnerability
Microsoft Windows Media Player DVR-MS Memory Corruption Vulnerability
Microsoft Internet Explorer Time Element Behavior Use-After-Free Vulnerability
Adobe Shockwave .w32 FLST Heap Buffer Overflow Vulnerability
Apple Safari font-face Use-After-Free Vulnerability
Novell ZenWorks Handheld Management ReadStatusRecordData Integer Overflow Vulnerability
Novell ZenWorks Handheld Management Unicode String Parsing Integer Overflow Vulnerability
HP StorageWorks P4000 Virtual SAN Remote Command Execution Vulnerability
Multiple Vendor WebKit XML Use-After-Free Vulnerability
RealNetworks RealPlayer AAC Codec Memory Corruption Vulnerability
RealNetworks RealPlayer RealVideo Renderer Memory Corruption Vulnerability
RealNetworks RealPlayer RVRENDER Heap Buffer Overflow Vulnerability
Sybase M-Business Anywhere Insecure Permissions Vulnerability
MSRC Blog
Security Advisory 2028859 Released
May 2010 Security Bulletin Webcast
May 2010 Security Bulletin Release
Advance Notification for the May 2010 Security Bulletin Release
Update on MS10-016 for Microsoft Producer
Security Advisory 983438 Released
MS10-025 Re-Release Ready
Update on MS10-025
MS10-025 Security Update to be Re-released
Guidance on Internet Explorer XSS Filter
April 2010 Security Bulletin Release
New email address for Microsoft security email notifications
April 2010 Bulletin Release Advance Notification
New Twitter Account: @MSFTSecResponse
March Out-of-Band Security Bulletin Webcast
milw0rm
Winplot (.wp2 File) Local Buffer Overflow Exploit
cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit
CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
ProdLer
Loggix Project
WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
Snort < 2.8.5 Unified1 Output Denial of Service Exploit
Joomla com_jinc (newsid) Blind SQL Injection Vulnerability
Joomla com_mytube (user_id) Blind SQL Injection Exploit
BigAnt Server
Joomla com_surveymanager (stype) SQL Injection Vulnerability
DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities
Joomla com_jbudgetsmagic (bid) Remote SQL Injection Vulnerability
FSphp 0.2.1 Multiple Remote File Inclusion Vulnerabilities
Zainu (album_id) Remote SQL Injection Vulnerability
Infoworld - Zero Day
Taking down teen hackers
Crimeware-as-a-service taking off
Start-up wins NSF grant, pitches new AV
Exploring the data security quandary
Outlook bleak for Phishing defeat
Core finds new CEO
Conference seeks to bridge risk, research
Clarke sharply criticizes Bush cyber-security plans
Research: IT security maturing, but misaligned
Tips on employee monitoring
Most sites still hack-able
Web attacks won't stop
Badware not pushing users offline
Researchers uncover 100 VoIP vulnerabilities
Innovation, regulation and research on tap at RSA 2008
Security Reason
Solarwinds Storage Manager 5.1.0 SQL Injection
Strato Newsletter Manager Directory Traversal
GENU CMS 2012.3 SQL Injection
PHP-Pastebin Cross Site Scripting
MyChipTime CMS Cross Site Scripting
Winds Online SQL Injection
Symantec pcAnywhere Remote Code Execution
Symantec pcAnywhere Insecure File Permissions / Privilege Escalation
Mikrotik Router Denial Of Service
Samsung NET-i Viewer Active-X SEH Overwrite
Drupal Node Gallery 6.x Cross Site Request Forgery
Drupal cctags 6.x / 7.x Cross Site Scripting
Drupal Taxonomy Grid 6.x Cross Site Scripting
Drupal Glossify Internal Links Auto SEO 6.x Cross Site Scripting
MyClientBase 0.12 SQL Injection
Out Law
OECD gives companies anti-bribery advice
EU ministers back revival of old IP enforcement law
Rescuecom drops AdWords suit
ASA to take over Facebook, Twitter regulation
Ofcom wades into UK 'Net Neutrality' row
Why it's hard to buy eyewear online: E-tailer complains to OFT
Superfast broadband would hit 70% coverage with no funding, says Government
YouTube adds captions for all videos to improve accessibility
YouTube threatened by changes to Digital Economy Bill
Contractual interest on damages does contribute to capped sum, rules High Court
Government slashes libel success fees
EU consults on universal broadband obligation
Germany's data retention law ruled unconstitutional over privacy concerns
ACTA will not undermine individuals' rights, says EU Commission
Google convictions reveal two flaws in EU law, not just Italian law
Heise Security
MOD scatters laptops like confetti
Vista's Integrity Levels, Part 1
Vista's Integrity Levels, Part 2
WDM Driver Test
Fuzzy ways of finding flaws
The year 2008 in a review through the crystal ball
Basic security for PHP software
Antivirus software as a malware gateway
Manipulated ATMs
Logging onto Windows networks without a password
Structure of the "Russian Business Network"
The HMRC data loss - the real implications
A second look at the Mac OS X Leopard firewall
Secure programming
Modern Hydra - the new tricks of spammers and phishers
HP Security Bloggers
Mass web attack compromises thousands of sites via SQL Injection
Top Five Web Application Vulnerabilities 05/24/10 - 06/06/10
Lack of national data breach standards places burden on small businesses
Psychology of "Secure Code"
Top Five Web Application Vulnerabilities 5/10/10 - 5/23/10
HP’s updated Application Security Software takes aim at vulnerabilities
Top Five Web Application Vulnerabilities 4/27/10 - 5/9/10
Web application security still misunderstood
Source: Boston Talk
The Lesser of Two Weevils
Episode 30 - "But wait! there's more!"
Episode 29 - "Grade A+ Broken"
ASP.NET Cross-Site Scripting Followup: Mono
Episode 28 - "Making Your Vote Count (a lot)"
Episode 27 - "How to DoS an Airplane"
Light Blue Touchpaper
PhD studentship: Model-based assessment of compromising emanations
Latest health privacy scandal
Current state of anonymous email usability
Health privacy: complaint to ICO
Hardware Scrambling – No More Password Leaks
Ghosts of Banking Past
Financial cryptography 2014
Health privacy: not fixed yet
Research Assistants and Associates in OS, Compiler and CPU Security
WEIS 2014: last call for papers
NHS opt out: not what it seems
Why dispute resolution is hard
Untrue claims by NHS IT chief
Why bouncing droplets are a pretty good model of quantum mechanics
Call for Papers: 14th Privacy Enhancing Technologies Symposium (PETS 2014)
ZDNet - Zero Day
Android app malware rates jump 40 percent
Single Android flaw can be used to target entire enterprise
iOS 7 records, displays user location data: Reactions from the trenches
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence
Cybersecurity incentive proposals from White House underwhelm
U.S. cloud industry stands to lose $35 billion amid PRISM fallout
Windows Phones open to hackers when connecting to rogue Wi-Fi
BGP spoofing - why nothing on the internet is actually secure
Trust the PKI or it's anarchy on the Internet
Carriers rush to fix SIM card vulnerability — by hacking into them
Best of Show, Black Hat USA 2013 Vendors and Sponsors
Researchers reveal details of active 'Comfoo' cyberespionage campaign
CFAA violations key to 2012 Obama victory?
Researchers reveal how to hack an iPhone in 60 seconds
Black Hat USA 2013: Day One, In Pictures
Secure Works
Carrier IQ: Requires Additional Review
Transitive trust and SSL certificate verification
PCI Guidance on Virtualization and Cloud
DELL SECUREWORKS PARTNERS WITH QUALYS TO DELIVER SAAS-BASED VULNERABILITY MANAGEMENT SERVICES
Recent events cause re-assessment of SecurID integrity
Announcement: DELL SECUREWORKS WINS EUROPES MANAGED SECURITY SERVICE PROVIDER (MSSP) OF THE YEAR FROM SC MAGAZINE
April 2011 Patch Tuesday sets a new record
"Sony PlayStation Network Breach"
"Imperva SecureSphere XSS and the nature of security-product vulnerabilities"
Threat Analysis: RSA compromise: Impacts on SecurID
The Cloud Security Silver Lining
News: Happy birthday Dell: The beginning of an evolution/revolution (TG Daily)
Prevx
TDL4 rootkit is coming back stronger than before
ZeroAccess, an advanced kernel mode rootkit
Mozilla Firefox 4 just arrived: where is Electrolysis?
Carberp hits ZeuS and AV software
SpyEye, the infostealing trojan leader
Ransomware lands on the MBR
TDL4 exploits Windows Task Scheduler flaw
XSSed
Not surprisingly, McAfee websites are susceptible to XSS attacks
F-Secure, McAfee and Symantec websites again XSSed
Happy New Year 2012!
Another Ebay permanent XSS
Secure Amazon Seller Central password reset page XSSed
EV SSL-secured live PayPal site vulnerable to XSS
Persistent XSS bug discovered on eBay
More American Express sites vulnerable to XSS and open redirects
Cross-site scripting hole in American Express site using EV SSL
Amazon hit by persistent XSS vulnerability
SANS Computer Forensics
"#FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July"
"HeartBleed Links, Simulcast, etc."
"Signature Detection with CrowdResponse"
"The Importance of Command and Control Analysis for Incident Response"
"SANS #DFIR Polo Shirt - Online Ordering"
"Finding Evil on Windows Systems - SANS DFIR Poster Release"
"Faster SIFT 3.0 Download and Install #DFIR #SIFT3"
"SANS SIFT 3.0 Virtual Machine Released"
"DFIR Summit Specials -- Till End of March! #dfir #dfirsummit"
"Stream-based Memory Analysis Case Study "
"Updates to FOR610 Malware Analysis Course Debuting in April in Orlando"
"SANS DFIR SUMMIT Agenda and Specials Announcement"
"Tools for Analyzing Static Properties of Suspicious Files on Windows"
"Is OllyDbg Version 2 Ready for Malware Analysis?"
"Dealing with ASLR When Analyzing Malware on Windows 8.1"
ZDNet Zero Day
'Extremely severe' flaw in Opera web browser
Serious XSS flaw haunts Microsoft SharePoint
How to remove the ICPP Copyright Violation Alert ransomware
1.5 million Facebook accounts offered for sale - FAQ
'Google even knows what you're thinking'
Microsoft admits MS10-025 patch didn't fix vulnerability
Attack of the Opt-In Botnets
Hundreds of high profile sites unprotected from domain hijacking
Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime
Attackers hit Google single sign-on password system
Microsoft to fix security hiccups in IE 8 XSS filter
Researchers hack into Palm WebOS with text messages
Security gone awry: IE 8 XSS filter exposes sites to XSS attacks
Embedded PDF executable hack goes live in Zeus malware attacks
New Mac OS X malware variant spotted
Sophos - Graham Cluley
Firefox hit by critical zero-day vulnerability
Bredolab botnet shut down
Suspected Bredolab botnet operator arrested at Armenian airport
M00p virus-writing gang member pleads guilty
Will Google Street View encourage better Wi-Fi security?
6 year old's Happy Meal from McDonalds leads to Facebook clickjacking scam
Facebook sues CPALead CTO for alleged survey spamming
Facebook users call for application "walled garden" to protect against attacks
National Security Strategy: A windfall for computer security firms?
Yoinks! I'm a finalist in the Computer Weekly blog awards!
Cyberspace a "highest priority for UK national security", in black and green..
Cyberwarfare and Stuxnet discussed on Radio 4
Stuxnet on the BBC World Service
USA, your poorly protected PCs are polluting the world with spam
GCHQ chief talks of cyber attacks
Last Updated: Friday, 25th April 2014 @ 08:02:59