OSVDB Most Recent Stable Entries

OSVDB has completed a major redesign, and this feed has been replaced with more customizable feeds. Please visit osvdb.org for more information on how to use our new services.

SecurityFocus Vulnerabilities

Microsoft August 2008 Advance Notification Multiple Vulnerabilities Nokia Series 40 Multiple Unspecified Unauthorized Access Vulnerabilities Sun Java Micro Edition (ME) Multiple Unspecified Security-Bypass Vulnerabilities OpenVMS Finger Service Stack Based Buffer Overflow Vulnerability [SE-2008-01] J2ME Security Vulnerabilities 2008 Whitepaper: DNS zone redelegation Re: [funsec] facebook messages worm Re: [Full-disclosure] [funsec] facebook messages worm News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Nmap Hackers (nmap-hackers) Mailing List

Posted by Fyodor on Jul 31

Hi All. I'm happy to report that there have been several stable Nmap
releases since I mailed you about Nmap 4.60 in March. The latest
version is 4.68, and I think you'll like it (unless you still use
Win2K, which can be problematic due to IPv6 issues that we hope to
resolve in the next...

Posted by Fyodor on Jul 31

Hi All. I feel derelict for failing to post any Nmap news to this
nmap-hackers list in the last four months, but you can rest assured
that we've been busy on the project! For example, there have been
1,181 posts on the nmap-dev list (not all from me) since my March
nmap-hackers...

Posted by Fyodor on Mar 24

It may have taken me four months to send this year's first
nmap-hackers mail, but the second only took me four hours. I want to
let you all know that Nmap has been accepted for the fourth year
running to participate in the Google Summer of Code program. This
generous and innovative program...

Posted by Fyodor on Dec 13

Hi everyone. I'm proud to say that Nmap has reached its 10th
anniversary since I released it in 1997, and it is still going strong!
To celebrate that, Nmap 4.50 has been released. It is the first
stable release in more than a year (there have been dozens of dev
releases), and the first...

Posted by Fyodor on Apr 12

Hello everyone. After weeks of poring through more than 50
applications, I am delighted to introduce the 2007 Nmap/Google Summer
of Code Team! If you enjoy the new OS detection system, runtime
interaction, or the Nmap Scripting Engine, you are taking advantage of
features developed in a...

Posted by Fyodor on Mar 21

Hello everyone! While I haven't posted here in almost two months,
Nmap development continues full speed ahead! In fact, there is so
much news that I am sending this mail in digest format rather than
flood your emailboxes with separate messages.

CONTENTS:
 o GoDaddy Redux

 o New...

Posted by Professor Messer on Feb 20

Hello, all -

Since writing "Secrets of Network Cartography: A Comprehensive Guide to
Nmap" over a year ago, I've spoken with many of you at trade shows and
security seminars regarding what you'd like to see in Nmap educational
materials. Based on your feedback, I'm now ready to...

SecurityFocus News

Gov't charges alleged TJX credit-card thieves Poisoned DNS servers pop up as ISPs patch E-Gold pleads guilty to money laundering

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Senate amends FISA, allows immunity Researcher: Toll system poses hacking risk Mozilla ups ante on security

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Microsoft offers peek to protection firms Worm builds botnets with MySpace, Facebook TJX employee fired for exposing shoddy security

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Thoughts of a Teenage Bot Master Radio Free Europe hit by DDoS attack Flash vuln fells Vista

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Nigeria enlists Microsoft to fight spam scammers Cross-Site Scripting Worm Hits MySpace Another data security bill in the works

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 FTC sues company over spyware Blocking Traffic by Country on Production Networks Integrating More Intelligence into Your IDS, Part 2

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Integrating More Intelligence into Your IDS, Part 1 A Guide to Different Kinds of Honeypots An Astonishing Collaboration

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 Bad-Code Blues Firing Up Browser Security Racing Against Reversers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Computerworld Security News

(Source: Sunbelt Software) Security is the most single critical task for any email administrator. Starting with a foundation of anti-spam and anti-virus capabilities, organizations should focus on other capabilities, as well, including policy management and a variety of other tasks designed to protect the network and the company from external and internal threats.

There are a number of ways to deploy messaging security, including appliances, software installed on dedicated servers, hosted or managed services and installation of softwaredirectly on the email server itself. While there are proponents and opponents of these approaches, there seems to be relatively strong opposition to the last approach on the part of many email administrators.

Osterman Research shares insights gleaned from a just completed survey that dispel the fears of employing server-based email security solutions. Read this white paper to help you understand the latest Exchange security risks and also learn about reasons why an installed security solution may be the best option for you in countering those challenges.

Microsoft plans to deliver a dozen security updates next week to fix critical vulnerabilities in Windows, Office, Internet Explorer and the media player bundled with Vista.

The Russian hacker gang that's been using a Microsoft administration tool to steal passwords has cashed in big time for years, according to the researcher who has tracked the group's crimes.

(Source: Webroot Software) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey.

(Source: MessageLabs) Register for a complimentary 30 day trial of MessageLabs' new managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all known and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk.Register now for a complimentary trial and receive a free datasheet.

(Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments.

View more Security news and analysis from Computerworld.com.

Yahoo! News: Security News

InfoWorld - Virtualization on the Mac has never had it so good. There are several options available for running almost any x86-based operating system as a VM under Mac OS X, including Parallels, VMware Fusion, and VirtualBox. If you like the fact that Macs are less prone to problems, viruses, and spyware, but you simply have to run a few Windows applications, it???s a great time to be alive. CNET - LAS VEGAS--On Wednesday, Joe Stewart, director of malware research for SecureWorks, presented his work on protocols and encryption used by the Storm worm botnet at Black Hat 2008.

AP - A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

AFP - Computer security professionals crammed into a Las Vegas ballroom on Wednesday for the first public briefing on an Internet flaw that lets hackers hijack traffic on the World Wide Web.

NewsFactor - Thousands of network security professionals are in Las Vegas for the annual Black Hat Briefings computer security conference, which will be immediately followed by the DEFCON hacker convention. Both events focus on network and Internet security issues. The Black Hat conference is held at Caesars Palace Las Vegas Hotel & Casino, while DEFCON is at the Riviera Hotel & Casino August 8-16. USATODAY.com - He goes by the nickname A-Z and is one of Russia's bright young tech stars. He's a crack programmer, successful entrepreneur and creator of sophisticated software tools that help his customers make millions. PC Magazine - Amid Congress' loud brawling over energy legislation the week of July 28, lawmakers quietly managed to approve a bill to expand the rights of cyber-crime victims. PC Magazine - Does the Macintosh need antivirus protection? Such a question has been asked for years, especially with the dearth of substantive Mac-specific worms. With PC Tools' new iAntivirus, you won't be paying anything for it, at least. PC Magazine - PC Magazine will be testing the major security suites on how their background tasks affect real-world actions. TechWeb - InformationWeek - An RSA survey found the e-mail-borne malware and phishing that affected 69% of respondents' companies, may not have led to serious consequences in every instance.

Reuters - China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes.

AP - Some call it the biggest hack of military computers; perhaps it was just a big embarrassment.

TechWeb - InformationWeek - UFO fanatic Gary McKinnon is accused of hacking into 97 U.S. military computer systems in 2001 and 2002 and may face as many as 70 years in a U.S. prison. NewsFactor - Britain's top court on Wednesday refused to block the extradition of a British hacker accused of breaking into military and NASA computers in the U.S. The accused hacker says he broke into the systems on a quest for information about UFOs.

AFP - A British man accused of hacking into the computer systems of the US military and NASA on Wednesday lost his appeal against extradition to face trial.

Reuters - A British computer expert lost his appeal on Wednesday against extradition to the United States where he is accused of "the biggest military hack of all time" and could face up to 70 years in prison.

PC World - A British hacker who broke into U.S. military computers looks set to be extradited to the U.S. after the highest British court... TechWeb - InformationWeek - The exploit code was released July 17, two days after Oracle issued its second-quarter Critical Patch Update. TechWeb - InformationWeek - The proliferation of user-generated content on popular Web 2.0 sites has opened the door for hackers to plant malware, says Websense report. PC World - Being a technology reporter, my e-mail inbox is a crowded place.