SecurityFocus News

Change in Focus Twitter attacker had proper credentials PhotoDNA scans images for child abuse

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Conficker data highlights infected networks Google offers bounty on browser bugs Cyberattacks from U.S. "greatest concern"

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Microsoft patches as fraudsters target IE flaw Attack on IE 0-day refined by researchers Monster botnet held 800,000 people's details

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Google: 'no timetable' on China talks Latvian hacker tweets hard on banking whistle MS uses court order to take out Waledac botnet

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Enterprise Intrusion Analysis, Part One Responding to a Brute Force SSH Attack Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 WiMax: Just Another Security Challenge? Time to Squish SQL Injection Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 The Scale of Security Hacker-Tool Law Still Does Little News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Nmap Hackers

Posted by Fyodor on Jul 16

Hi folks. It has been 3.5 months since the last Nmap release
(5.30BETA1 on March 29), and anyone following the nmap-dev list knows
that we've been very busy during that time. So I'm pleased to release
Nmap version 5.35DC1 containing the fruits of that labor. The Defcon
name is because that conference is awesome! And also because David
Fifield and I have an exciting Nmap talk planned there and at Black
Hat in a couple weeks (see...

Posted by Fyodor on Apr 30

Hi Folks. I have some Nmap news to share with you:

First off, I'm delighted to introduce the 2010 Nmap/Google Summer of
Code Team! Google has sponsored eight student developers to spend
this summer enhancing the Nmap Security Scanner and related projects,
so you can expect great things in coming months. Ithilgore and Luis
MartinGarcia are returning to improve Ncrack and Nping, new students
Drazen Popovic and Djalal Harouni will be working on...

Posted by Fyodor on Apr 14

Hi folks, I have a quick question for you:

Q: What do the Nmap Scripting Engine, Ndiff, and the Zenmap Topology
Mapper have in common?

A: They're all features which were added after you asked for them in
the 2006 Nmap Survey!

With that in mind, I'd like to thank the 1,013 people who have already
taken the 2010 survey. We just need 1,987 more and we can close this
survey up, tabulate and share results, choose the prize winners, and
post...

Posted by Fyodor on Apr 07

Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far
it has proven stable and functional, so don't let the BETA name scare
you. You can get it at http://nmap.org/download.html. Meanwhile, I
have some great news, and I'm also asking for your help on two things.

The first is that the Nmap Project was again accepted for the Google
Summer of Code program, so we'll have full time coding help this
summer! SoC previously brought us...

Posted by Fyodor on Mar 29

Hi folks! It has been two months since the 5.21 release and we've
been very busy during that time! I hope you're happy with the results,
which is a new 5.30BETA1 release made today. Top features include:

o 37 new NSE scripts, bringing the total to 117! New scripts cover
SNMP, SSL, Postgress, MySQL, HTTP, LDAP, NFS, DB2, AFS, and many
more. Also check out the clever host scripts qscan and
ipidseq. Learn about them all at...

Posted by Fyodor on Jan 27

Hello everyone. I'm pleased to release Nmap 5.21, which contains zero
exciting new features! It is a bug-fix only release instead,
addressing about a dozen issues discovered since 5.20. Thanks for all
the testing and bug reports! None of the bugs are critical, but we
wanted to polish things up since 5.21 may be the latest stable version
for a while. That gives us time to tackle and stabilize big
development projects. If you want to know...

Posted by Fyodor on Jan 22

Hi folks. I'm happy to report that the 5.20 release went well. But
with this many improvements, there will always be a few bugs found.
We're planning to round those up with a bugfix-only 5.21 release next
week. So please test out 5.20 and report any problems you experience:

Download Page: http://nmap.org/download.html
Bug Report Instructions: http://nmap.org/book/man-bugs.html

If you're running from a build of the latest SVN checkout, you...

Posted by Fyodor on Jan 20

Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap Scripting Engine scripts
o enhanced performance and reduced memory consumption
o protocol-specific payloads for more effectie UDP scanning
o a completely rewritten traceroute engine
o massive OS and version detection DB updates (10,000+ signatures)

The...

Posted by Fyodor on Jul 16

Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.

There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:

1) The new Ncat tool aims to be your Swiss Army Knife...

Posted by Fyodor on Jun 26

Hi Folks. I'm pleased to announce some exciting Nmap news:

[=================Nmap 4.90RC1==================]

It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:

http://nmap.org/download.html

Please test it out, and let us know if you find any problems...

Posted by Fyodor on Apr 01

Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet...

Posted by Fyodor on Mar 27

Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!

[=================Nmap 4.85BETA4==================]

While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release,...

Yahoo! News: Security News

Reuters - Two security experts said on Friday they released a tool for attacking smartphones that use Google Inc's Android operating system to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages.

AFP - Software security experts warn that mobile phones are tempting targets for hackers in a world where people eagerly invite strange applications onto handsets packed with personal data.

AP - An FBI official said Friday a two-year-long multinational investigation led them to nab a 23-year-old Slovenian, who allegedly created a malicious software code that infected 12 million computers worldwide.

AP - Researchers have uncovered new ways that criminals can spy on Internet users even if they're using secure connections to banks, online retailers or other sensitive Web sites.

AP - Computer-security software maker McAfee Inc. said Thursday that its second-quarter profit rose 38 percent, helped by growth in its corporate and consumer businesses. PC World - Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

AFP - The Internet has undergone a key upgrade that promises to stop cyber criminals from using fake websites that dupe people into downloading viruses or revealing personal data.

AP - A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.

PC World - The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.

AFP - US, Spanish and Slovenian law enforcement authorities on Wednesday announced the arrest of the suspected creator of the "Mariposa Botnet," a vast network of virus-infected computers used by criminal hackers.

AFP - As a major computer security conference kicked off here Wednesday, Microsoft announced that teamwork between technology rivals is paying off in the perpetual arms race with hackers.

PC Magazine - Sen. John Kerry said Tuesday that he will join his House colleagues and take a crack at privacy legislation. PC Magazine - Thanks to F-Secure for revealing the latest in rogue anti-malware: A fake Firefox "Just Updated" page which pushes you to install an update to Flash. AP - International authorities have arrested a computer hacker believed responsible for creating the malicious computer code that infected as many as 12 million computers, invading major banks and corporations around the world, FBI officials told The Associated Press on Tuesday. PC World - The U.K.'s Cyber Security Challenge began accepting registrations Monday for a series of computer security exercises designed to spur interest in the field. PC World - Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems. PC World - Worms, malware, zero-day attacks -- it was a worrisome week on the security front, with stories in that genre taking our top three slots. PC World - Symantec has released the July 2010 MessageLabs Intelligence Report which contains the usual interesting and relevant facts regarding trends in spam and malware. Of particular interest in this report, though, is the fact that attacks exploiting shortened URLs have skyrocketed, and that a new approach is needed to protect against the rising threat. PC World - A feature in Apple's Safari browser designed to make it easier to fill out forms could by abused by hackers to harvest personal information, according to a security researcher. PC World - The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.

Computerworld Security News

Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2. U.S. Defense Secretary Robert Gates said military officials are launching a review of IT security procedures following the leaking of tens of thousands of classified documents related to the war in Afghanistan. As many as four million users of Android phones have downloaded wallpaper apps that swipe personal data from the phone and transmit it to a Chinese-owned server, a mobile security firm said today. Cybercriminals are increasingly looking at business rather than consumer accounts to hack as banks scramble to shore up their defenses, according to an executive from vendor IronKey. A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves. A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference. View more Security news and analysis from Computerworld.com

SecurityFocus Vulnerabilities

GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability XSS vulnerability in Campsite XSS vulnerability in Campsite Akamai Download Manager arbitrary file download & execution News, Infocus, Columns, Vulnerabilities, Bugtraq ...